The team identified threat actor activity exploiting the Salesloft-Drift integration to breach Salesforce instances. From August 8–18, 2025, compromised OAuth credentials were used to exfiltrate sensitive Salesforce data. The actor targeted objects like Account, Contact, Case, and Opportunity, and scanned for credentials post-exfiltration....