Particle.news
Download on the App Store
3 ARTICLES
·
last wk.

Salesforce Faces 15 Lawsuits in Northern California Over OAuth-Driven Data Thefts

Plaintiffs blame inadequate safeguards after attackers abused third‑party OAuth tokens via social engineering.

FILE: An aerial view of the Salesforce Tower on May 30, 2023, in San Francisco.

Overview

  • The Register says it has viewed 15 filings in recent weeks in Northern California, with many cases seeking class certification and injunctive relief.
  • Complaints allege stolen personal data has heightened identity‑theft risk, naming co‑defendants including TransUnion, Allianz, Farmers, Workday, and Pandora.
  • Google’s Threat Intelligence Group reports attackers tricked employees into authorizing malicious connected apps rather than exploiting a Salesforce platform vulnerability.
  • Filings cite token theft tied to Salesloft’s Drift integration following a March 2025 GitHub breach, and Salesforce subsequently revoked Drift’s access.
  • Company notices and state filings indicate millions affected, including nearly 4.5 million at TransUnion and more than a million each at Allianz and Farmers, with reports linking extortion efforts to ShinyHunters.