Palo Alto Network’s incident response firm said identity-based attacks are exploding as poor security controls stretch across a widening mosaic of integrated tools and systems.

Details about the attack are scattered, and discrepancies remain about the number of companies impacted and the extent to which they are compromised.

Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem.

The company said a threat actor accessed and snooped around its account for months, then stole OAuth tokens for Drift integrations from its cloud environment.

Salesloft said the AI chat agent for sales and leads will be taken offline, as investigations into the attack spree widen and reveal more victims.

Researchers said Google Workspace customers were hit, and noted other platforms are impacted as well. Fresh evidence proves impact was not limited to Salesforce, as Salesloft previously…