Attacks on Salesloft AI Chatbot Claim Another Victim: Cloudflare
Palo Alto Networks, Zscaler also say they were breached in campaign.
The Cloudflare headquarters in San Francisco last year. Photographer David Paul Morris/Bloomberg
Photographer: David Paul Morris/BloombergCloudflare Inc. is warning users of its technology to beef up their security after a hacker accessed the internet infrastructure company’s customer support data.
“Any information that a customer may have shared with Cloudflare in our support system — including logs, tokens or passwords — should be considered compromised, and we strongly urge you to rotate any credentials that you may have shared with us through this channel,” Cloudflare wrote in a blog post on Tuesday.
Cloudflare learned last week that it was impacted by the mass theft of Salesforce data through a breach of Salesloft Inc.’s Drift, a customer service chatbot. Drift integrates with Salesforce to automate customer service interactions. As a result, “someone outside Cloudflare” got access to its Salesforce systems for customer support and internal case management, the company said.
Most of the information comprises customer contact information and basic IT support data. But some of it included access tokens used for user authorization or information about a customer’s IT configuration, according to the post.