Workday Data Breach Exposes Customer Metadata via Drift-Salesforce Flaw
CyberPress
|
Contributed by: Drex DeFord
Summary
Workday has confirmed a data breach linked to the compromise of Salesloft's Drift application, resulting in unauthorized access to customer data within its Salesforce environment. Following the breach, which stemmed from anomalous activity related to the Drift integration, Workday took swift containment actions, including disabling the Drift connector and revoking OAuth tokens. An independent forensic investigation revealed that while the threat actor accessed some non-sensitive metadata, critical documents and sensitive information remained secure. This incident underscores the importance of robust security measures for third-party integrations in healthcare technology systems, as they can pose significant risks to patient and organizational data integrity.
