Back to News
Market Impact: 0.6

Palo Alto Networks, Zscaler customers impacted by supply chain attacks

PANWCRMZSGOOGLGOOG
Cybersecurity & Data PrivacyTechnology & Innovation

Palo Alto Networks and Zscaler, leading cybersecurity firms, have both disclosed impacts from a widespread supply chain attack leveraging compromised Salesloft Drift OAuth tokens that targeted their Salesforce CRM environments. While both companies assert the breaches were limited to business contact and basic customer data, with no compromise to their core products or services, Google Threat Intelligence identified the campaign (UNC6395) as affecting hundreds of potential targets beyond Salesforce, prompting Salesforce to disable all Salesloft Drift integrations. This incident underscores persistent supply chain vulnerabilities and the pervasive risk to enterprise customer data, even for major security providers.

Analysis

Two leading cybersecurity firms, Palo Alto Networks (PANW) and Zscaler (ZS), have disclosed breaches of their Salesforce (CRM) environments stemming from a sophisticated supply chain attack. The attack vector was a compromised Salesloft Drift application, which allowed a threat actor tracked as UNC6395 to access customer relationship management data via OAuth tokens. Both PANW and ZS have asserted that the breaches were contained, impacting only business contact information and basic sales data, with no compromise to their core products, services, or infrastructure. However, Zscaler noted a 'large number' of its customers were impacted. The incident's significance is amplified by findings from Google's Threat Intelligence Group, which revealed the campaign is more widespread than initially thought, affecting hundreds of potential targets and not limited to Salesforce instances. In response, Salesforce has taken the decisive step of disabling all integrations with Salesloft Drift, signaling the severity of the threat to its ecosystem. This event critically underscores that even top-tier security providers are vulnerable to third-party integration risks, shifting the focus of enterprise security from internal systems to the interconnected web of SaaS applications.

AllMind AI Terminal

AI-powered research, real-time alerts, and portfolio analytics for institutional investors.

Request a Demo

Market Sentiment

Overall Sentiment

moderately negative

Sentiment Score

-0.50

Ticker Sentiment

CRM-0.50
GOOG0.00
GOOGL0.00
PANW-0.20
ZS-0.20

Key Decisions for Investors

  • Investors in Palo Alto Networks (PANW) and Zscaler (ZS) should closely monitor for any revisions to the scope of the breach, as the current narrative of limited impact is critical to maintaining share price stability.
  • Salesforce (CRM) faces heightened scrutiny regarding the security vetting of its third-party application ecosystem, and investors should watch for potential impacts on customer trust or changes to its platform integration policies.