Google Alerts Organizations Of Salesforce Data Theft - 1

Image by ajay_suresh, from Wikimedia Commons

Google Alerts Organizations Of Salesforce Data Theft

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Organizations using Salesforce may have had sensitive data stolen after hackers breached Salesloft, the sales automation platform behind the Drift AI chat integration.

In a rush? Here are the quick facts:

  • Hackers stole Salesforce data via Salesloft Drift OAuth and refresh tokens.
  • Stolen data included AWS keys, passwords, and Snowflake access tokens.
  • Salesforce and Salesloft revoked tokens and removed the Drift app temporarily.

Google’s Threat Intelligence Group (GTIG), together with Salesloft, reported that the attack occurred between August 8 and August 18, 2025. The attackers, tracked as UNC6395, executed the breach by using stolen OAuth and refresh tokens from the Drift application. penetrating various Salesforce platforms.

“Initial findings have shown that the actor’s primary objective was to steal credentials, specifically focusing on sensitive information like AWS access keys, passwords, and Snowflake-related access tokens,” a Salesloft advisory stated .

The attackers systematically ran queries on Salesforce objects, including Cases, Accounts, Users, and Opportunities.

GTIG noted, “UNC6395 demonstrated operational security awareness by deleting query jobs, however logs were not impacted and organizations should still review relevant logs for evidence of data exposure.”

BleepingComputer explains that the attackers hid their infrastructure through Tor, as well as with cloud hosting services such as AWS and DigitalOcean.

The security measures response by Salesloft and Salesforce included the cancellation of all active Drift tokens, as well as a temporary removal of the app from Salesforce AppExchange.

Customers need to re-authenticate their accounts and change their login credentials. Google advises organizations to check Salesforce objects for AWS keys, alongside Snowflake credentials, passwords, and VPN login URLs. Administrative staff should also implement IP blocking, restrict app privileges, and monitor authentication activity.

While some reports suggested links to the ShinyHunters extortion group, Google has not found evidence connecting them. “We’ve not seen any compelling evidence connecting them at this time,” said Austin Larsen, Principal Threat Analyst at GTIG.

BleepingComputer argues that the attack is part of a broader wave of attacks in which Salesforce is targeted through social engineering attacks that trick employees into authorizing dangerous applications.

High-profile organizations have recently reported related breaches, including Google, Cisco, Adidas, and Louis Vuitton.

Organizations implementing Drift-Salesforce integration should treat their data as compromised and execute immediate remediation procedures to defend their systems from additional theft.

Florida Schools To Test Pepper Spray Drones Against Mass Shootings - 2

Image by Ian Baldwin, from Unsplash

Florida Schools To Test Pepper Spray Drones Against Mass Shootings

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Three Florida school districts will soon test drone technology armed with pepper spray pellets to stop school shootings.

In a rush? Here are the quick facts:

  • Drones launch remotely from Texas, operated by FAA-certified pilots.
  • Each drone has cameras, alarms, two-way communication, and non-lethal weapons.
  • The Florida budget allocates $557,000 for school drone demonstrations.

The drones, designed by Texas-based Campus Guardian Angel, operate from secure charging boxes located on school premises. They can then be launched by FAA-certified operators in Texas who can control them remotely.

“In a school shooting, most of the death happens in the first 120 seconds, so it’s really about how quickly can you get there to engage the shooter,” said Justin Marston, founder and CEO of Campus Guardian Angel, as reported by the New York Post (NYP).

The drones possess two-way communication systems, together with alarms, video cameras, and non-lethal weapons including pepper spray rounds. The drones can also use a glass punch tool which allows them to break windows and create distractions.

TechSpot explains that the drones operate at 30 to 50 mph speed when inside buildings, and they can reach 100 mph when outdoors, which allows them to traverse a big campus in mere seconds. Operators in Austin, Texas coordinate the drones with school officials and police, feeding live video to first responders.

According to Newsweek , teams include a pilot, tactical specialists, and liaisons who pass on real-time updates to law enforcement. The drones work similarly to police dogs by scanning rooms and corners to help identify shooter positions and verify their identities.

The NYP reports that the system has already been tested in Miami-Dade schools and several districts in Texas. Florida Governor Ron DeSantis has approved $557,000 in the state’s 2025-2026 budget to support the demonstrations.

Still, the plan raises concerns. TechSpot reports that critics worry about drones colliding with students, technical failures, or making a crisis more chaotic. Some also question the training of remote operators.

Cybersecurity experts point to another potential threat: hacking. Indeed, Kaspersky notes that hackers are able to easily intercept or take control of drones from as far as a mile away. They can do this by exploiting unencrypted radio signals between the drone and its operators.

Once hijacked, a drone could be redirected, grounded, or even used to cause harm, turning a safety tool into a potential weapon.

Moreover, Kaspersky explains that techniques such as GPS spoofing could mislead a drone into flying off-course, while downlink interception could allow hackers to access live video feeds, potentially exposing sensitive information about students and staff.

Sophisticated attacks could involve sending another drone equipped with a small computer payload to hijack multiple drones and form a “swarm” controlled by hackers. Kaspersky explains that this method mirrors how botnets take control of numerous computers to execute synchronized attacks.

Other threats include jamming, which means that the drone itself (and its payload) can be stolen. In this way, hackers can also exploit vulnerabilities in connected systems, including school Wi-Fi, and operators’ mobile devices remain vulnerable to attacks.

Despite this, Campus Guardian Angel hopes to permanently install the drones in schools by fall, with a full rollout expected in January.