How RinTech Helps You Avoid the Next GitHub Breach
In early 2025, a sophisticated cyberattack targeted Salesloft, a sales engagement platform, and Drift, a conversational marketing company. The attackers began by compromising Salesloft’s GitHub account, where they downloaded source code and created rogue CI/CD workflows. This allowed them to escalate privileges and pivot into Drift’s AWS environment, where they discovered and exfiltrated OAuth tokens used to integrate with platforms like Salesforce, Slack, and Google.
These stolen tokens were then used to access Salesforce support cases across dozens of companies, including Cloudflare, Zscaler, Palo Alto Networks, and Proofpoint. In some cases, attackers accessed sensitive credentials like API keys, AWS secrets, and Snowflake tokens, leading to a widespread supply chain compromise.
🚨 The Impact
- Over 20 major companies affected
- OAuth tokens stolen and reused to access sensitive data
- Salesforce instances compromised via legitimate-looking API calls
- GitHub and AWS environments abused for lateral movement
🛡️ How RinTech Protects Your Business
At RinTech, we help businesses proactively secure their development environments through tailored consulting and project-based engagements. Here’s how we help prevent attacks like this:
🔄 Migrate Away from GitHub
We assist in migrating your code repositories from GitHub to self-hosted solutions, customized to your infrastructure. This reduces your exposure to public attack surfaces and gives you full control over access and auditing.
🔐 In-House DevOps Security
By managing your DevOps tools in-house:
- You avoid the inherent vulnerabilities of public platforms.
- You gain visibility into every user, commit, and workflow.
- You can enforce VPN-only access to all DevOps tools.
👁️ Endpoint & Network Monitoring
We implement:
- Endpoint monitoring to detect unauthorized repository changes or the creation of new users.
- Network monitoring to flag unusual outbound traffic or API calls to unknown devices — a key indicator of token abuse or data exfiltration.
🧩 Tailored Security Projects
Every client’s infrastructure is different. That’s why RinTech offers custom security project management to:
- Design and deploy secure DevOps pipelines
- Harden cloud and on-prem environments
- Implement secrets management and access controls
- Integrate monitoring tools like Wazuh, Suricata, and Checkmk
Want to know if your current DevOps setup could survive a breach like this?
Contact RinTech Solutions for a security consultation.