Particle.news

Download on the App Store

Salesforce Faces 15 Lawsuits in Northern California Over OAuth-Driven Data Thefts

Plaintiffs blame inadequate safeguards after attackers abused third‑party OAuth tokens via social engineering.

Overview

  • The Register says it has viewed 15 filings in recent weeks in Northern California, with many cases seeking class certification and injunctive relief.
  • Complaints allege stolen personal data has heightened identity‑theft risk, naming co‑defendants including TransUnion, Allianz, Farmers, Workday, and Pandora.
  • Google’s Threat Intelligence Group reports attackers tricked employees into authorizing malicious connected apps rather than exploiting a Salesforce platform vulnerability.
  • Filings cite token theft tied to Salesloft’s Drift integration following a March 2025 GitHub breach, and Salesforce subsequently revoked Drift’s access.
  • Company notices and state filings indicate millions affected, including nearly 4.5 million at TransUnion and more than a million each at Allianz and Farmers, with reports linking extortion efforts to ShinyHunters.