🚨 Urgent alert for AI agent users! Google has just dropped a bombshell, revealing a massive data theft hitting Salesloft Drift that’s bigger than anyone thought. Your Workspace accounts could be at risk! What steps are you taking to secure your digital footprint after this widespread credential compromise?

A significant **cybersecurity alert** has been issued by Google, dramatically escalating its warning regarding a **data theft warning** originating from the **Salesloft Drift AI agent**. This critical update advises all users to consider their Salesloft credentials thoroughly compromised, extending beyond initial assessments to now include **Google Workspace security** accounts.

In immediate response to the unfolding crisis, Google has swiftly acted by revoking all security tokens identified in the breaches. Furthermore, the tech giant has proactively disabled the integration between the **Salesloft Drift** agent and all Google Workspace accounts, initiating a comprehensive investigation to ascertain the full extent of the **credential compromise** and safeguard user data.

The latest revelations, stemming from a crucial update published recently, indicate that the **Salesloft Drift breach** reported earlier is considerably more widespread than initially understood. Google Threat Intelligence Group (GTIG) members had previously suggested that the compromised tokens were confined solely to Salesloft Drift integrations with Salesforce. However, the discovery of compromised Workspace accounts necessitated a significant re-evaluation of this assessment.

According to the recent update, the scope of this security incident is now definitively not exclusive to the Salesforce integration with **Salesloft Drift**, impacting numerous other integrations. This broadened understanding has led Google to strongly advise all **Salesloft Drift** customers to proactively treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised, urging immediate protective measures.

Salesloft Drift, known for its AI agent capabilities, functions as an AI-powered chat agent designed to facilitate real-time, human-like interactions for websites engaging with potential customers. Acquired by Salesloft approximately 18 months ago, the Drift platform is celebrated for its ability to integrate with various other services, including Salesforce, Slack, and Google Workspace, to streamline sales processes and customer relationship management.

Previously, Google had disclosed that a sophisticated attack group, identified as UNC6395, was executing a large-scale data theft warning campaign. This campaign exploited compromised Drift OAuth tokens to illicitly gain access to Salesforce instances. Once inside, the attackers meticulously accessed highly sensitive data housed within the Salesforce accounts, subsequently searching for additional credentials that could provide access to other critical services such as AWS and Snowflake, highlighting a complex chain of exploitation.

The extensive theft spree reportedly commenced as early as August 8 and persisted through at least August 18, prompting immediate action from Salesforce, which disabled Drift integrations with its primary cloud service, as well as its Slack and Pardot platforms, to prevent further unauthorized access and mitigate the impact of the credential compromise.

Google’s update strongly recommends that organizations implement immediate action to thoroughly review all third-party integrations linked to their Drift instance. They are further advised to revoke and rotate credentials for these applications and conduct an in-depth investigation of all connected systems for any signs of unauthorized access, underscoring the critical importance of robust cybersecurity alert protocols. In a move to enhance the investigative efforts, Salesloft has now engaged Mandiant, a Google-owned incident response service, to delve deeper into the intricacies of the breach.