Tootfinder

Palo Alto confirms Salesloft Drift Integration was used to compromise Salesforce instances
https://unit42.paloaltonetworks.com/threat-brief-compromised-salesforce-instances/

Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances
This Threat Brief discusses observations on a campaign leveraging Salesloft Drift integration to exfiltrate data via compromised OAuth credentials.