In a major cybersecurity incident shaking the tech world, Zscaler, a leading cloud security provider, has confirmed a data breach that exposed sensitive customer information due to a supply chain attack targeting SalesLoft and Drift integrations with Salesforce. This breach, reported on September 1, 2025, has sparked widespread concern about the vulnerabilities in third-party SaaS integrations. If you’re a Zscaler customer or care about data security, here’s everything you need to know about the breach, the exposed data, and how to protect yourself from potential fallout.
What Happened in the Zscaler Data Breach?
The breach originated from a sophisticated supply chain attack exploiting SalesLoft’s Drift AI chat agent, which integrates with Salesforce to manage sales workflows. Threat actors, identified by Google Threat Intelligence Group (GTIG) as UNC6395, stole OAuth and refresh tokens from SalesLoft Drift, gaining unauthorized access to Zscaler’s Salesforce environment between August 8 and August 18, 2025. This allowed hackers to exfiltrate sensitive customer data from Zscaler’s Salesforce instance. Importantly, Zscaler’s core products, services, and infrastructure were not compromised, but the breach still poses significant risks due to the nature of the exposed information.
Exposed Information: What Was Leaked?
The attackers accessed a range of sensitive customer data stored in Zscaler’s Salesforce environment. According to Zscaler’s advisory, the compromised information includes:
- Customer Names: Full names of individuals associated with Zscaler accounts.
- Business Email Addresses: Corporate email IDs, which could be used for targeted phishing campaigns.
- Job Titles: Professional roles, enabling attackers to craft convincing social engineering attacks.
- Phone Numbers: Business contact numbers, increasing the risk of voice phishing (vishing).
- Regional/Location Details: Geographic data tied to customer accounts.
- Zscaler Product Licensing and Commercial Information: Details about licensing agreements and commercial transactions.
- Support Case Content: Plain text from certain customer support cases, though no attachments or files were included.
While Zscaler has found no evidence of misuse so far, the stolen data is highly valuable for cybercriminals. It could be used for phishing, vishing, or social engineering attacks, where attackers impersonate Zscaler or trusted vendors to extract further sensitive information or credentials.
Data breaches like this aren’t just headlines – they have real-world consequences. Exposed customer info could be weaponized for:
- Phishing and Social Engineering: Hackers might impersonate Zscaler to trick users into revealing more data.
- Reputation Damage: For Zscaler, a company built on trust in security, this could erode client confidence.
- Industry Wake-Up Call: It underscores the need for robust vendor risk management, especially in cloud-based services.
Leave A Comment