Salesforce (NYSE:CRM) has refused to pay a ransom to ShinyHunters, a group of hackers who claim to possess a horde of client data obtained through a data breach involving the third-party app Drift by Salesloft, according to Bloomberg.
An email sent to customers by Salesforce informed them it would not engage or deal with the extortion demand, the report said. The hackers apparently compiled data stolen through the Drift app, “which integrates with Salesforce to automate customer service interactions.”
The “hackers appear to have compiled the records taken from the Drift app in a large dataset, which was put up for sale on a cybercrime forum last week, rather than stealing customer information from a flaw in the core Salesforce platform,” the report said, citing the email sent by Salesforce to its clients. Most of the data stolen was basic contact information and IT configurations, but some also included access tokens.
The initial attack, targeting the Drift app, took place back in August.
“We want to inform our customers about a recent security incident involving the Drift app, published by Salesloft, that was installed by individual customers,” Salesforce said in a security advisory notice. “Salesforce security teams detected unusual activity that may have resulted in unauthorized access to a small number of customers’ orgs data via the app’s connection to Salesforce.”
“It is important to note that this issue did not stem from a vulnerability within the core Salesforce platform, but rather from a compromise of the app’s connection,” the notice continued. “Upon detecting the activity, Salesloft, in collaboration with Salesforce, invalidated active Access and Refresh Tokens, and removed Drift from AppExchange. We then notified affected customers.”