Listen "Inside the SalesLoft Breach"
Episode Synopsis
You were promised safe SaaS - but got silent data loss. In Inside the Salesloft Breach, Rob Maas and Luca Cipriano expose how trusted integrations became the attack vector. They trace how vishing calls, trojanized Salesforce tools, and GitHub-to-AWS pivots gave attackers OAuth access and drained CRMs without a single alert. You’ll hear how Drift integrations and bulk SOQL queries quietly moved data out of sight, while audit trails and API metadata disappeared. If you need provable control over data exfiltration and a narrative your board will understand, this is your playbook. Turn Zero Trust from slogan to stop - with IP allowlists, app inventories, token telemetry, and shared responsibility that actually blocks abuse at the source.
(00:00) - Cloud first did not mean data safe.
(00:45) - What Salesforce is and why attackers target it.
(02:00) - Campaign one. Vishing and a trojanized data loader to OAuth access.
(04:15) - Campaign two. Salesloft and Drift path from GitHub to AWS to Salesforce tokens.
(07:00) - Impact and cover up. 700 plus orgs hit and API job metadata removed.
(09:10) - Who was involved. ShinyHunters, Scattered Spider, Lapsus, and legal fallout.
(11:00) - Zero Trust actions. IP allowlisting, app inventory, token monitoring, staff education, shared responsibility.
Key Topics Covered:
• How one sign-in token became a master key for your CRM.
• The attacker’s route: from code repo → cloud → Salesforce → data exfiltration.
• What shared responsibility means in SaaS — and what’s actually on you.
• What truly stops it: trusted apps only, IP allowlists, short-lived tokens, and continuous monitoring.
Found value and want outcome focused guidance every week? Subscribe to Threat Talks, turn on notifications and add your questions for the next deep dive.
Guest and Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
Luca Cipriano (Cyber Threat Intelligence Program Lead, ON2IT): https://www.linkedin.com/in/luca-c-914973124/
Additional resources:
Threat Talks https://threat-talks.com/
ON2IT https://on2it.net/?
AMS IX https://www.ams-ix.net/ams
Salesforce https://www.salesforce.com/
Salesloft https://www.salesloft.com/
Drift https://www.drift.com/
Okta https://www.okta.com/
Have I Been Pwned https://haveibeenpwned.com/
Threat Talks is a collaboration between @ON2IT and @AMS-IX