Google Warns of Massive Data Theft Linked to Salesloft AI Agent

Last week it was revealed that hackers compromised the Salesloft sales automation platform, stealing OAuth and refresh tokens from its AI agent Drift—an integration tool for Salesforce. Google has now confirmed that the breach was far more extensive, with attackers also accessing Google Workspace data.
How the Breach Unfolded
Salesloft Drift, a third-party platform connecting the Drift AI chatbot with Salesforce, allows organizations to sync conversations, leads, and support cases with their CRM. Drift can also integrate with other services, including Slack and Google Workspace.
According to Salesloft, the attack occurred between August 8 and August 18, 2025. During that time, hackers obtained client OAuth and refresh tokens for Drift’s Salesforce integration and used them to steal data directly from Salesforce.
“The initial investigation indicated that the attacker’s primary goal was credential theft, specifically focusing on sensitive information such as AWS access keys, passwords, and access tokens related to Snowflake,” Salesloft stated. The company emphasized that customers not using the Drift-Salesforce integration were not impacted. It also reported no evidence of ongoing malicious activity.
In response, Salesloft and Salesforce revoked all active Drift tokens. Salesforce additionally removed the Drift app from AppExchange until the investigation is complete and the platform is verified as secure.
Attribution and Attack Details
Google Threat Intelligence (Mandiant) attributed the breach to hacker group UNC6395. Once inside Salesforce instances, the group ran SOQL queries to extract authentication tokens, passwords, and secrets from support cases. These credentials allowed them to pivot into other platforms.
“UNC6395 was targeting sensitive credentials, including AWS access keys, passwords, and Snowflake tokens,” Google researchers wrote. “The group also showed strong operational security, deleting query jobs to hide their tracks. However, logs were not affected, and organizations should review them for evidence of compromise.”
Indicators of compromise (IOCs) included Tor-based infrastructure, hosting via AWS and DigitalOcean, and suspicious user agents such as python-requests/2.32.4, Python/3.11 aiohttp/3.12.15, and custom tools like Salesforce-Multi-Org-Fetcher/1.0 and Salesforce-CLI/1.0.
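As an added example (not from the article, Google's report, or Salesloft), the following Python script scans an API-activity export for the user agents listed above and groups the hits by account, which is the kind of log review the advisory recommends; the CSV columns and the sample rows are constructed for the demo, not a real Salesforce log schema.

```python
import csv
import io
from collections import defaultdict

# User agents reported as IOCs in the article. Custom tool names are a strong
# signal; generic HTTP-library agents are common in legitimate automation and
# should be treated as leads to corroborate, not proof of compromise.
HIGH_CONFIDENCE_PREFIXES = ("Salesforce-Multi-Org-Fetcher/", "Salesforce-CLI/")
LOW_CONFIDENCE_PREFIXES = ("python-requests/", "Python/3.11 aiohttp/")

# Constructed sample export (assumed column names, not Salesforce's real fields).
SAMPLE_LOG = """timestamp,user,client_ip,user_agent,request
2025-08-10T02:14:07Z,svc-drift@example.com,203.0.113.10,Salesforce-Multi-Org-Fetcher/1.0,"SELECT Id, Subject, Description FROM Case"
2025-08-10T02:14:09Z,svc-drift@example.com,203.0.113.10,python-requests/2.32.4,"SELECT Id, Description FROM Case WHERE Description LIKE '%AKIA%'"
2025-08-10T09:30:00Z,alice@example.com,198.51.100.7,Mozilla/5.0 (Windows NT 10.0) Chrome/128.0,Lightning UI
2025-08-11T03:02:44Z,svc-drift@example.com,203.0.113.22,Python/3.11 aiohttp/3.12.15,"SELECT Id, Body FROM CaseComment"
2025-08-11T11:00:01Z,bob@example.com,198.51.100.9,SalesforceMobileSDK/11.0,Case edit
"""


def classify_user_agent(user_agent: str):
    """Return 'high', 'low', or None depending on which IOC list the agent matches.
    Prefix matching keeps the check robust to minor version changes."""
    ua = user_agent.strip()
    if any(ua.startswith(p) for p in HIGH_CONFIDENCE_PREFIXES):
        return "high"
    if any(ua.startswith(p) for p in LOW_CONFIDENCE_PREFIXES):
        return "low"
    return None


def find_suspicious_activity(log_text: str) -> dict:
    """Group matching rows by user so responders can see which accounts (and
    therefore which OAuth tokens) were driven by the suspicious clients."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        confidence = classify_user_agent(row["user_agent"])
        if confidence:
            hits[row["user"]].append({**row, "confidence": confidence})
    return dict(hits)


if __name__ == "__main__":
    for user, rows in find_suspicious_activity(SAMPLE_LOG).items():
        print(f"{user}: {len(rows)} request(s) from IOC user agents")
        for r in rows:
            print(f"  [{r['confidence']}] {r['timestamp']} {r['client_ip']} "
                  f"{r['user_agent']} -> {r['request']}")
```

Any account that appears in the output is a candidate for the token revocation and credential rotation described later in the article, and the matching requests show which objects (here, Case records) were read.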
Scope Expands: Google Workspace Affected
A few days later, Google warned that the incident extended beyond Salesforce. Stolen OAuth tokens from Drift’s email integration were used to access Google Workspace accounts. On August 9, attackers accessed the email of a “small number” of Workspace users tied to Drift.
“This issue was not limited to Salesforce,” Google explained. “We now recommend that all Salesloft Drift customers treat any authentication tokens stored on or connected to the Drift platform as potentially compromised.”
Following this revelation, Salesloft confirmed that Salesforce had disabled Drift integrations with Salesforce, Slack, and Pardot pending further investigation.
Conflicting Claims of Responsibility
While Google attributes the attacks to UNC6395, members of the ShinyHunters group told Bleeping Computer that they were responsible. Later, however, they denied involvement in the support case data theft.
ShinyHunters also claimed to be working with Scattered Spider, and the two groups now call themselves “Sp1d3rHunters.”
A Familiar Pattern of Victims
Recent breaches linked to Salesforce leaks and ShinyHunters’ operations include Adidas, Qantas, Allianz Life, LVMH brands (Louis Vuitton, Dior, Tiffany & Co), Cisco.com, Chanel, and jewelry maker Pandora.
What Organizations Should Do
Google urged any company using Drift-Salesforce or Drift-Workspace integrations to assume their Salesforce and Google Workspace data has been compromised. Immediate incident response measures—revoking tokens, reviewing logs, rotating keys, and resetting credentials—are strongly recommended.