You were promised safe SaaS - but got silent data loss.
In Inside the Salesloft Breach, Rob Maas and Luca Cipriano expose how trusted integrations became the attack vector.
They trace how vishing calls, trojanized Salesforce tools, and GitHub-to-AWS pivots gave attackers OAuth access and drained CRMs without a single alert. You’ll hear how Drift integrations and bulk SOQL queries quietly moved data out of sight, while audit trails and API metadata disappeared.
If you need provable control over data exfiltration and a narrative your board will understand, this is your playbook.
Turn Zero Trust from slogan into enforcement: IP allowlists, connected-app inventories, token telemetry, and a shared-responsibility model that actually blocks abuse at the source.
- (00:00) - Cloud first did not mean data safe.
- (00:45) - What Salesforce is and why attackers target it.
- (02:00) - Campaign one. Vishing and a trojanized data loader to OAuth access.
- (04:15) - Campaign two. Salesloft and Drift path from GitHub to AWS to Salesforce tokens.
- (07:00) - Impact and cover up. 700 plus orgs hit and API job metadata removed.
- (09:10) - Who was involved. ShinyHunters, Scattered Spider, Lapsus, and legal fallout.
- (11:00) - Zero Trust actions. IP allowlisting, app inventory, token monitoring, staff education, shared responsibility.
Key Topics Covered:
• How one sign-in token became a master key for your CRM.
• The attacker’s route: from code repo → cloud → Salesforce → data exfiltration.
• What shared responsibility means in SaaS — and what’s actually on you.
• What truly stops it: trusted apps only, IP allowlists, short-lived tokens, and continuous monitoring.
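The controls named in the chapter list and in the key topics above (a trusted-app inventory, IP allowlisting, and monitoring of what each token actually pulls) can be expressed as a single policy check over API telemetry. The following is an added example written for these notes, not code from the episode, ON2IT or Salesforce. It assumes a simplified, invented event schema (user, OAuth client id, source IP, API family, object, row count) that is only loosely modelled on what a SaaS event-monitoring feed exposes, and it runs over constructed sample events, including an integration user whose token is used from an unknown app and an unlisted IP to issue large bulk queries.

```python
"""Zero Trust checks for CRM API activity: connected-app inventory, IP allowlist
and token/bulk-query volume telemetry, evaluated over constructed sample events."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


# Assumption: each API call made with an OAuth token is logged with these fields.
# The schema is a simplification invented for this example; it is not the real
# Salesforce event log format.
@dataclass(frozen=True)
class ApiEvent:
    ts: str          # ISO-8601 timestamp of the call
    user: str        # the CRM user the token acts on behalf of
    app_id: str      # connected app (OAuth client) that presented the token
    client_ip: str   # source IP of the API call
    api: str         # API family used: "rest", "bulk", "soap", ...
    entity: str      # object queried, e.g. "Account"
    rows: int        # rows returned by this query or bulk job


@dataclass
class Policy:
    trusted_apps: set[str]                    # app inventory: anything else is untrusted
    allowed_cidrs: list[str]                  # IP allowlist for API access
    bulk_rows_threshold: int = 10_000         # rows per bulk job considered an export
    user_daily_rows_threshold: int = 50_000   # total rows per user per day


def ip_allowed(ip: str, cidrs: list[str]) -> bool:
    """True if the source address falls inside any allowlisted CIDR."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def evaluate_event(ev: ApiEvent, policy: Policy) -> list[str]:
    """Return the policy violations raised by one event (empty list if clean)."""
    findings = []
    if ev.app_id not in policy.trusted_apps:
        findings.append(f"untrusted_app:{ev.app_id}")
    if not ip_allowed(ev.client_ip, policy.allowed_cidrs):
        findings.append(f"ip_not_allowlisted:{ev.client_ip}")
    if ev.api == "bulk" and ev.rows > policy.bulk_rows_threshold:
        findings.append(f"bulk_export:{ev.entity}:{ev.rows}")
    return findings


def scan(events: list[ApiEvent], policy: Policy) -> dict[str, list[str]]:
    """Per-event checks plus a per-user daily row-volume check.

    Returns findings keyed by user; each value is a sorted, de-duplicated list."""
    findings: dict[str, set[str]] = defaultdict(set)
    rows_per_user_day: dict[tuple[str, str], int] = defaultdict(int)
    for ev in events:
        for f in evaluate_event(ev, policy):
            findings[ev.user].add(f)
        rows_per_user_day[(ev.user, ev.ts[:10])] += ev.rows
    # A token that stays under the per-job threshold can still drain an object
    # across many small jobs, so the daily total per user is checked as well.
    for (user, day), total in rows_per_user_day.items():
        if total > policy.user_daily_rows_threshold:
            findings[user].add(f"daily_volume:{day}:{total}")
    return {u: sorted(fs) for u, fs in findings.items()}


# Constructed policy and sample events; app ids, IPs and row counts are invented.
POLICY = Policy(
    trusted_apps={"app_marketing_sync", "app_erp_bridge"},
    allowed_cidrs=["203.0.113.0/24", "198.51.100.10/32"],
)

SAMPLE_EVENTS = [
    ApiEvent("2025-08-08T09:00:00Z", "alice@example.com", "app_marketing_sync", "203.0.113.25", "rest", "Lead", 200),
    ApiEvent("2025-08-08T09:05:00Z", "alice@example.com", "app_marketing_sync", "203.0.113.25", "rest", "Contact", 350),
    # An integration user's token used by an unknown app from a non-allowlisted IP,
    # issuing bulk jobs that pull whole objects in the middle of the night.
    ApiEvent("2025-08-09T02:13:00Z", "integration@example.com", "app_unknown_7f3", "192.0.2.44", "bulk", "Account", 48_000),
    ApiEvent("2025-08-09T02:20:00Z", "integration@example.com", "app_unknown_7f3", "192.0.2.44", "bulk", "Case", 31_000),
    ApiEvent("2025-08-09T02:31:00Z", "integration@example.com", "app_unknown_7f3", "192.0.2.44", "bulk", "User", 900),
]


def findings_for_sample() -> dict[str, list[str]]:
    return scan(SAMPLE_EVENTS, POLICY)


if __name__ == "__main__":
    for user, fs in findings_for_sample().items():
        print(user)
        for f in fs:
            print("   ", f)
```

Running it flags only the integration user: untrusted app, non-allowlisted IP, two oversized bulk exports, and a daily volume over the cap, while the trusted app working from the allowlisted range produces nothing. The point of combining the checks is that any one of them alone is easy to satisfy with a stolen token; an attacker who already holds a valid OAuth grant passes authentication, so the detection has to look at which client, from where, and how much.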
Found value and want outcome-focused guidance every week?
Subscribe to Threat Talks, turn on notifications and add your questions for the next deep dive.
Guest and Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
Luca Cipriano (Cyber Threat Intelligence Program Lead, ON2IT): https://www.linkedin.com/in/luca-c-914973124/
Additional resources:
Threat Talks https://threat-talks.com/
ON2IT https://on2it.net/
AMS IX https://www.ams-ix.net/ams
Salesforce https://www.salesforce.com/
Salesloft https://www.salesloft.com/
Drift https://www.drift.com/
Okta https://www.okta.com/
Have I Been Pwned https://haveibeenpwned.com/
🔔 Follow and Support our channel! 🔔
===
► YOUTUBE: @threattalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUE...
► APPLE: https://podcasts.apple.com/us/podcast...
👕 Receive your Threat Talks T-shirt
https://threat-talks.com/
🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com
🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX