{"id":8053,"date":"2025-10-06T05:00:00","date_gmt":"2025-10-06T10:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=86254"},"modified":"2025-10-06T05:00:00","modified_gmt":"2025-10-06T10:00:00","slug":"security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/10\/06\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks\/","title":{"rendered":"Security leaders at Okta and Zscaler share lessons from Salesloft Drift attacks"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Security leaders at Okta and Zscaler share lessons from Salesloft Drift attacks | CyberScoop<\/title> <meta name=\"description\" content=\"Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/okta-zscaler-security-leaders-salesloft-drift-attacks\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Security leaders at Okta and Zscaler share lessons from Salesloft Drift attacks\"> <meta property=\"og:description\" content=\"Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. 
Their experiences provide insights into the root of a much broader problem.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/okta-zscaler-security-leaders-salesloft-drift-attacks\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-10-06T10:00:00+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1759256725g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1758741382g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> 
<link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/86254\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=86254\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fokta-zscaler-security-leaders-salesloft-drift-attacks%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fokta-zscaler-security-leaders-salesloft-drift-attacks%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-86254 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/okta-zscaler-security-leaders-salesloft-drift-attacks\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top 
ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.183585313175\">\n<div class=\"single-article__header-content\" readability=\"34.151785714286\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/okta-zscaler-security-leaders-salesloft-drift-attacks\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem. 
<\/p>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/86254\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"400\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks.jpg?resize=640%2C400&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-2.jpg 8333w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-2.jpg?resize=300,187 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-2.jpg?resize=768,480 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-2.jpg?resize=1024,640 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-2.jpg?resize=1536,960 1536w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-2.jpg?resize=2048,1280 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-2.jpg?resize=600,375 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-2.jpg?resize=269,168 269w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-2.jpg?resize=539,337 539w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-2.jpg?resize=1080,675 1080w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-2.jpg?resize=1349,843 1349w\" sizes=\"(max-width: 1080px) 100vw, 1080px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"97.372406639004\"><body readability=\"198.32968185526\"><\/p>\n<p>When security researchers issued warnings about the Salesloft Drift issues last month, two prominent cybersecurity companies found themselves facing the same threat \u2014 but their stories ended up unfolding in different ways.&nbsp;<\/p>\n<p>Okta and Zscaler, among the larger players in the identity management space, were among the more than 700 Drift customers targeted in what has become one of the most significant supply chain attacks of the year. 
&nbsp; Within a week of Google security researchers\u2019 warning about the incident, which targeted the <a href=\"https:\/\/cyberscoop.com\/salesforce-salesloft-drift-attack-spree-google\/\">widespread theft of Salesforce customer data<\/a>, both companies went to work in figuring out how bad the damage would be.&nbsp;&nbsp;<\/p>\n<p>The companies had very different experiences. While Okta\u2019s security measures thwarted any lasting damage, Zscaler wasn\u2019t as lucky, having to deal with unauthorized access of both customer and internal company data. Same threat actor. Same timeline. Opposite outcomes.<\/p>\n<p>The divergence in incidents and responses offers a rare opportunity to understand how a cybersecurity strategy works in action. CyberScoop spoke with the security leaders of both companies to learn about how the attack went down from those directly in its crosshairs, and lessons learned that could bolster defenses of their companies and others going forward.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h5 class=\"wp-block-heading\" id=\"h-from-warning-to-incident\">From warning to incident<\/h5>\n<p>Salesloft hasn\u2019t publicly released a comprehensive root-cause analysis into the attack, but <a href=\"https:\/\/cyberscoop.com\/salesloft-drift-attack-root-cause-github-oauth\/\">initial results of its investigation<\/a> revealed a threat group gained access to its GitHub account as far back as March. The group, which Google tracks as UNC6395, achieved lateral movement and set up workflows in the Salesloft application environment before it accessed Drift\u2019s Amazon Web Services environment and obtained OAuth tokens used by Drift customers.&nbsp;<\/p>\n<p>Those tokens allowed the threat group to access and steal data from separate platforms integrated with Drift, an AI chat agent primarily used by sales teams. 
Google said the \u201cwidespread data theft campaign\u201d occurred during a 10-day period in mid-August. Nearly 40 companies, including <a href=\"https:\/\/cyberscoop.com\/salesloft-drift-attacks-cloudflare-palo-alto-networks-zscaler\/\">more than 20 cybersecurity vendors<\/a>, have publicly disclosed they were caught up in the attack spree.<\/p>\n<p>Zscaler received its first security alert from Salesforce a week after the data theft concluded, warning the security vendor that unauthorized IP addresses were using the application programming interface (API) for its Drift OAuth token. Zscaler immediately revoked the token, \u201ceven though it didn\u2019t really matter by that point,\u201d said Sam Curry, the company\u2019s chief information security officer.<\/p>\n<p>The damage was already done. Data on a large number of Zscaler\u2019s customers was exposed, including names, business email addresses, job titles, phone numbers, location details, Zscaler product licensing and commercial information, and plain text content from some support cases.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h5 class=\"wp-block-heading\" id=\"h-ip-limitations-for-defense\">IP limitations for defense<\/h5>\n<p>Since Okta uses Drift, it proactively hunted for signs of compromise when threat intel experts started warning about an issue with the service. The company found a \u201cshort burst of attempts\u201d to use Drift tokens from locations outside of the manually configured IP range it set up for security purposes, David Bradbury, Okta\u2019s chief security officer, told CyberScoop.<\/p>\n<p>That control blocked the attack and kept Okta\u2019s Drift integrations secure. 
Yet, many companies don\u2019t take that approach because setting IP restrictions for API calls is a manual and often laborious process requiring input and support from every vendor in the supply chain.&nbsp;<\/p>\n<p>\u201cIf we can put our minds to these problems, we can come up with solutions so that you can implement IP restrictions in a matter of clicks, rather than in a matter of days and weeks of continuous testing, and investigation and discovery,\u201d Bradbury said.<\/p>\n<p>Okta\u2019s investigation revealed a seemingly automated threat campaign. \u201cThey were not persistent,\u201d Bradbury said. \u201cThe hypothesis that we have at the moment is that there was a single significant script that was engineered that hit all of these all at once and pulled down all of this information in a series of events.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Zscaler\u2019s compromise was particularly frustrating given the timing: the company had already stopped using Drift in July, a decision completely unrelated to security \u2014 and made before any indicators of the attack campaign came to light.&nbsp;<\/p>\n<p>\u201cThat OAuth token that was being used with [Drift] was still active,\u201d Curry said. \u201cIt was due to be retired by the end of August,\u201d he added, describing that decision as a deliberate delay to make sure the token was fully disconnected and no longer in use.&nbsp;<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-token-theft-cause-remains-a-mystery\">Token theft cause remains a mystery<\/h5>\n<p>Salesloft hasn\u2019t explained how the threat group accessed its GitHub account, nor how it accessed Drift\u2019s AWS environment and ultimately obtained customers\u2019 OAuth tokens.&nbsp;<\/p>\n<p>\u201cI don\u2019t actually know how they got the tokens out. I just know they did,\u201d Curry said. 
\u201cAs for how they store it, I don\u2019t know internally, except that they passed our security questionnaire and probably hundreds, if not thousands of others\u201d for third-party risk management, he added.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Okta also doesn\u2019t know how the threat group accessed its Salesloft Drift OAuth token. That information would have to come from Salesloft, Bradbury said.<\/p>\n<p>\u201cThe internet is connected by some very brittle, small pieces of information \u2014 these tokens that we constantly talk about, these combinations of letters and numbers in files that ultimately provide access to all of the applications that we use,\u201d he said.&nbsp;<\/p>\n<p>\u201cThose tokens need to be stored somewhere, and sadly there are mechanisms in place right now which doesn\u2019t necessitate actually tying these tokens directly to something \u2014 to prevent their reuse,\u201d Bradbury added.&nbsp;<\/p>\n<p>Most SaaS applications implement tokens and authentication by rather rudimentary means. \u201cThey\u2019re doing what\u2019s easy and what works, and what works is once you\u2019ve granted access you\u2019re actually storing these tokens somewhere,\u201d he said.&nbsp;<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-lessons-learned-for-collective-defense\">Lessons learned for collective defense<\/h5>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>While their experiences in the wake of the Salesloft Drift attacks were quite different, Bradbury and Curry shared similar reflections and drew many of the same lessons from the third-party compromise that impacted hundreds of companies.&nbsp;<\/p>\n<p>\u201cAPIs are becoming a new highway of access that we need more control over, and we need better control of collectively,\u201d Curry said. 
\u201cAPIs get wider in terms of what you can do with them, and you need the ability to monitor them and to put preventative controls on them to look for behavioral changes.\u201d<\/p>\n<p>Zscaler learned another lesson the hard way \u2014 the importance of limiting IP address ranges for API queries, and rotating tokens more frequently.&nbsp;<\/p>\n<p>\u201cFor me, this wake-up call is saying API is a new attack-and-control plane that\u2019s far more exposed than most people realize from just a simple risk exercise,\u201d Curry said.<\/p>\n<p>\u201cThere are no small vendors in an API-connected world. It\u2019s just like \u2014 if you think about border security \u2014 there\u2019s no small and insignificant ports of entry,\u201d he added. \u201cThey all use the same highway systems.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Bradbury, who is expectedly pleased Okta wasn\u2019t impacted by this malicious campaign, can\u2019t help but feel frustrated because he believes there are better, more secure methods to protect against unauthorized token use. The central issue in this supply-chain attack could have been avoided with Demonstrating Proof of Possession (DPoP), a mechanism that can constrain token use to a specific client and prevent the use of stolen tokens, he said.&nbsp;<\/p>\n<p>Once attackers steal tokens that can be reused without restriction, disastrous consequences await all, Bradbury added.&nbsp;<\/p>\n<p>\u201cWe need to see more SaaS vendors actually prioritizing security features on their roadmap, not just the features that will result in customer growth and revenue,\u201d he said.&nbsp;<\/p>\n<p>Security leaders have an important role to play in demanding these changes from their vendors. 
\u201cIt\u2019s about time that we started to use our collective ambitions to raise the bar for security to actually hold our vendors accountable,\u201d Bradbury said.&nbsp;<\/p>\n<p>Curry is taking a similar forward-looking approach. \u201cLet\u2019s learn from one another, instead of bayoneting the wounded,\u201d he said.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cAfter the fact, in the cold light of day, we\u2019ll all look at what happened,\u201d Curry added. \u201cI\u2019m not interested in blame at this point. I\u2019m interested in better security.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.1640625\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/security-leaders-at-okta-and-zscaler-share-lessons-from-salesloft-drift-attacks-1.jpg?w=640&#038;ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of 
HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/okta-zscaler-security-leaders-salesloft-drift-attacks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security leaders at Okta and Zscaler share lessons from Salesloft<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,1064,3809,4880,5157,282,78,895,3729,646,614,256,3099,4899,4900,1813,1866,310,288,4345],"tags":[236,1065,3810,4881,5158,286,86,902,3731,650,619,262,3104,4902,4903,1814,1868,311,294,4348],"class_list":["post-8053","post","type-post","status-publish","format-standard","hentry","category-ai","category-amazon-web-services-aws","category-ciso","category-compromise","category-cso","category-cybercrime","category-cybersecurity","category-data-theft","category-google-threat-intelligence-group","category-mandiant","category-okta","category-research","category-salesforce","category-salesloft","category-salesloft-drift","category-supply-chain","category-supply-chain-attacks","category-technology","category-threats","category-zscaler","tag-ai","tag-amazon-web-services-aws","tag-ciso","tag-compromise","tag-cso","tag-cybercrime","tag-cybersecurity","tag-data-theft","tag-google-threat-intelligence-group","tag-mandiant","tag-okta","tag-research","tag-salesforce","tag-salesloft","tag-salesloft-drift","tag-supply-chain","tag-supply-chain-attacks","tag-technology","tag-threats","tag-zscaler"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/amazon-web-services-aws\/\" rel=\"category tag\">Amazon Web Services (AWS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ciso\/\" rel=\"category tag\">CISO<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/compromise\/\" rel=\"category tag\">compromise<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cso\/\" rel=\"category tag\">CSO<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/data-theft\/\" rel=\"category tag\">Data theft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/okta\/\" rel=\"category tag\">okta<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salesforce\/\" rel=\"category tag\">Salesforce<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salesloft\/\" rel=\"category tag\">Salesloft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salesloft-drift\/\" rel=\"category tag\">Salesloft Drift<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/supply-chain\/\" rel=\"category tag\">supply chain<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/supply-chain-attacks\/\" rel=\"category tag\">supply chain attacks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category 
tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zscaler\/\" rel=\"category tag\">Zscaler<\/a>","tag_info":"Zscaler","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8053","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8053"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8053\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}