Particle.news

Qualys Confirms Limited Exposure in Salesloft Drift Token Theft as Google Flags Broader Risk

Companies are revoking and rotating access following token‑theft abuse that reached Salesforce instances plus a few Google Workspace accounts.

Overview

  • Qualys said stolen OAuth credentials allowed limited access to some of its Salesforce information. The company disabled all Drift integrations and engaged Mandiant, and reported no impact to its production platforms or customer data on the Qualys Cloud Platform.
  • Google advised all Salesloft Drift customers to treat authentication tokens stored in or connected to the platform as potentially compromised and urged immediate review, revocation, rotation, and investigation of connected systems.
  • Zscaler reported that stolen OAuth tokens enabled access to its Salesforce environment. The company revoked access, rotated API tokens, and cautioned customers about possible phishing or social‑engineering using exposed contact details.
  • Recent disclosures from Palo Alto Networks, Proofpoint, Cloudflare, and Tenable describe exposure largely involving business contacts and support‑case content, with Cloudflare noting that some interactions may include sensitive configuration details or access tokens.
  • The activity occurred primarily between August 8 and 18 via the Salesloft Drift–Salesforce integration, with Okta reporting attempted access using stolen tokens but confirming its defenses prevented a breach.