{"id":7968,"date":"2025-09-08T15:21:10","date_gmt":"2025-09-08T20:21:10","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85891"},"modified":"2025-09-08T15:21:10","modified_gmt":"2025-09-08T20:21:10","slug":"salesloft-drift-security-incident-started-with-undetected-github-access","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/09\/08\/salesloft-drift-security-incident-started-with-undetected-github-access\/","title":{"rendered":"Salesloft Drift security incident started with undetected GitHub access"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Salesloft Drift security incident started with undetected GitHub access | CyberScoop<\/title> <meta name=\"description\" content=\"The company said a threat actor accessed and snooped around its account for months, then stole OAuth tokens for Drift integrations from its cloud environment.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/salesloft-drift-attack-root-cause-github-oauth\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Salesloft Drift security incident started with undetected GitHub access\"> <meta property=\"og:description\" content=\"The company said a threat actor accessed and snooped around its account for months, then stole OAuth tokens for Drift integrations from its cloud environment.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/salesloft-drift-attack-root-cause-github-oauth\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" 
content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-09-08T20:21:10+00:00\"> <meta property=\"article:modified_time\" content=\"2025-09-08T20:21:13+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-2.jpg\"> <meta property=\"og:image:width\" content=\"4500\"> <meta property=\"og:image:height\" content=\"3375\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1754500264g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1756821995g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" 
href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85891\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85891\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsalesloft-drift-attack-root-cause-github-oauth%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsalesloft-drift-attack-root-cause-github-oauth%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85891 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/salesloft-drift-attack-root-cause-github-oauth\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span 
class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.981132075472\">\n<div class=\"single-article__header-content\" readability=\"35.266978922717\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/salesloft-drift-attack-root-cause-github-oauth\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The company said a threat actor accessed and snooped around its account for months, then stole OAuth tokens for Drift integrations from its cloud environment. 
<\/p>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/85891\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"480\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access.jpg?resize=640%2C480&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-2.jpg 4500w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-2.jpg?resize=300,225 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-2.jpg?resize=768,576 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-2.jpg?resize=1024,768 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-2.jpg?resize=1536,1152 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-2.jpg?resize=2048,1536 2048w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-2.jpg?resize=600,450 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-2.jpg?resize=224,168 224w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-2.jpg?resize=449,337 449w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-2.jpg?resize=900,675 900w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-2.jpg?resize=1124,843 1124w\" sizes=\"(max-width: 900px) 100vw, 900px\"><figcaption> Salesloft confirmed the impact is much more severe and widespread. (imageBROKER\/Timon Schneider\/Alamy) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"51.895537124803\"><body readability=\"106.65876882197\"><\/p>\n<p>Salesloft pinned the root cause of the <a href=\"https:\/\/cyberscoop.com\/salesloft-drift-compromise-scope-expands\/\">Drift supply-chain attacks<\/a> to a threat group gaining access to its GitHub account as far back as March, the company said in an <a href=\"https:\/\/trust.salesloft.com\/?uid=Update+on+Mandiant+Drift+and+Salesloft+Application+Investigations\">update<\/a> Saturday.&nbsp;<\/p>\n<p>During a 10-day period in mid-August, the threat group compromised and stole data from <a href=\"https:\/\/cyberscoop.com\/salesloft-drift-attacks-cloudflare-palo-alto-networks-zscaler\/\">hundreds of organizations<\/a>.&nbsp;<\/p>\n<p>The threat group, which Google tracks as UNC6395, spent time lurking in the Salesloft application environment, downloaded content from multiple repositories, added a guest user 
and set up workflows over a monthslong period through June, according to Salesloft.&nbsp;<\/p>\n<p>\u201cThe threat actor then accessed Drift\u2019s Amazon Web Services environment and obtained OAuth tokens for Drift customers\u2019 technology integrations,\u201d the company said. \u201cThe threat actor used the stolen OAuth tokens to access data via Drift integrations.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The update marks the most significant details shared yet by Salesloft since Google security researchers first warned about the \u201cwidespread data theft campaign\u201d last month. The company is still withholding key details as its incident response firm, Mandiant, has transitioned to confirm the quality of its forensic investigation.<\/p>\n<p>Salesloft has not explained how its GitHub account was accessed, what attackers did in its environment, nor how the threat group accessed Drift\u2019s AWS environment and obtained OAuth tokens. The company also hasn\u2019t explained why OAuth tokens were stored in the cloud environment, and if the stolen OAuth tokens were for internal integrations with third-party platforms or customers\u2019 OAuth tokens for individual integrations.<\/p>\n<p>The company has not responded to multiple requests for comment dating back to Aug. 26, when news of the attacks first surfaced.<\/p>\n<p>Analysts and researchers acknowledge that Salesloft may still be seeking definitive answers about what went wrong, yet the company already misfired when it <a href=\"https:\/\/cyberscoop.com\/salesforce-salesloft-drift-attack-spree-google\/\">erroneously claimed exposure was limited<\/a> to Drift customer instances integrated with Salesforce. 
Days later, Google Cloud\u2019s incident response firm Mandiant said Salesloft Drift customers were compromised en masse, potentially snagging any user that integrated the AI chat agent platform to another third-party service.<\/p>\n<p>\u201cI don\u2019t think they\u2019re being fully transparent. They\u2019re still holding some stuff back,\u201d said Paddy Harrington, senior analyst at Forrester.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Salesloft\u2019s post-incident investigation thus far underscores multiple areas where the company\u2019s security practices and controls were apparently less than adequate, according to Harrington.&nbsp;<\/p>\n<p>Nathaniel Jones, VP of security and AI strategy at Darktrace, said he hopes more information will be shared once the investigation is complete. \u201cThey\u2019ve confirmed the breach and downstream impacts but stopped short of saying how the attacker got in,\u201d he added.<\/p>\n<p>\u201cThey\u2019ve boxed in the Drift environment, taken it offline, rotated credentials, and emphasized containment. 
That\u2019s all good practice,\u201d Jones said.<\/p>\n<p>Salesloft took Drift offline Friday and said the move was temporary \u201cto fortify the security of the application and its associated infrastructure.\u201d Salesloft rotated all centrally managed keys for OAuth users, but customers who manage Drift connections to third-party applications via API keys need to revoke existing keys directly with the third-party provider\u2019s application, the company said.&nbsp;<\/p>\n<p>The Salesloft platform, which has been technically segmented from Drift and confirmed uncompromised, according to Mandiant, restored connections with Salesforce Sunday, the company said.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Salesloft doesn\u2019t know when Drift will be restored and brought back online. Yet, the company may need to make significant changes to regain trust as the lingering and still unknown effects of the damage caused by the breach stain Drift\u2019s reputation.<\/p>\n<p>\u201cThey\u2019re probably going to have to rename that thing. The name alone is now totally tainted,\u201d Harrington said. \u201cThey could reintroduce the product, but they\u2019re going to have to totally talk about a rearchitecture change.\u201d<\/p>\n<p>Key details are still missing about how the attack occurred, and customers need to understand the true scope of the supply-chain attack and the extent of data stolen, he added.<\/p>\n<p>\u201cWe\u2019re in a time where attackers are going to find the least-protected asset and they\u2019re going to go for it, and they struck gold here. Holy crap, did they strike gold,\u201d Harrington said. 
\u201cThis thing just keeps getting worse and worse and worse.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.3071297989031\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/salesloft-drift-security-incident-started-with-undetected-github-access-1.jpg?w=640&#038;ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of 
HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/salesloft-drift-attack-root-cause-github-oauth\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Salesloft Drift security incident started with undetected GitHub access |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1064,282,78,3721,124,725,3729,281,646,4387,256,3099,4899,4900,310,288],"tags":[1065,286,86,3722,127,728,3731,285,650,4388,262,3104,4902,4903,311,294],"class_list":["post-7968","post","type-post","status-publish","format-standard","hentry","category-amazon-web-services-aws","category-cybercrime","category-cybersecurity","category-darktrace","category-forrester","category-github","category-google-threat-intelligence-group","category-hacking","category-mandiant","category-oauth","category-research","category-salesforce","category-salesloft","category-salesloft-drift","category-technology","category-threats","tag-amazon-web-services-aws","tag-cybercrime","tag-cybersecurity","tag-darktrace","tag-forrester","tag-github","tag-google-threat-intelligence-group","tag-hacking","tag-mandiant","tag-oauth","tag-research","tag-salesforce","tag-salesloft","tag-salesloft-drift","tag-technology","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/amazon-web-services-aws\/\" rel=\"category tag\">Amazon Web Services (AWS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category 
tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/darktrace\/\" rel=\"category tag\">Darktrace<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/forrester\/\" rel=\"category tag\">Forrester<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/github\/\" rel=\"category tag\">GitHub<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hacking\/\" rel=\"category tag\">hacking<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/oauth\/\" rel=\"category tag\">OAuth<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salesforce\/\" rel=\"category tag\">Salesforce<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salesloft\/\" rel=\"category tag\">Salesloft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salesloft-drift\/\" rel=\"category tag\">Salesloft Drift<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category 
tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7968"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7968\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}