
Google Warns Salesloft Drift OAuth Flaw Impacts All Integrations, Not Just Salesforce
Google has revealed that an OAuth flaw in Salesloft Drift affects all integrations, not just Salesforce. The flaw has led to compromised OAuth tokens, which attackers have used to access certain information. The Google Threat Intelligence Group (GTIG) and Mandiant advise treating all connected tokens as compromised. Because the flaw is not limited to a single integration, organizations using Salesloft Drift should act immediately: revoke and replace all OAuth tokens, investigate potential unauthorized access, and enhance monitoring to detect suspicious activity. The involvement of GTIG and Mandiant underscores the severity of the issue, and the incident is a reminder that OAuth implementations need robust security practices to prevent unauthorized access and data breaches.