The Salesloft–Drift Breach: An Attack Path Case Study

This post analyzes the Salesloft–Drift breach and shows how a GitHub compromise allowed attackers to pivot into Salesloft's AWS, exfiltrate Drift–Salesforce OAuth tokens, and use those tokens to access hundreds of Salesforce tenants and harvest customer data and embedded secrets; the author frames the incident as an attack-path problem (clean source principle, identities in transit, hybrid cross-organization links) and advocates using attack-graph tooling to reveal and mitigate these risks.