Daily Briefing for 08.29.25

At a glance.

• Salesloft Drift breach affects all third-party integrations.
• TransUnion discloses breach affecting 4.4 million customers.
• Suspected ransomware attack disrupts hundreds of Swedish municipalities.
• FBI and Dutch police seize identity fraud marketplace.

Salesloft Drift breach affects all third-party integrations.

Google warns that an attack campaign tied to Salesloft Drift, a third-party AI chat app, was broader than initially believed. Google Threat Intelligence Group said in an update yesterday, "Based on new information identified by GTIG, the scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations. We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised."

The researchers added, "On August 28, 2025, our investigation confirmed that the actor also compromised OAuth tokens for the 'Drift Email' integration. On August 9, 2025, a threat actor used these tokens to access email from a very small number of Google Workspace accounts. The only accounts that were potentially accessed were those that had been specifically configured to integrate with Salesloft; the actor would not have been able to access any other accounts on a customer's Workspace domain."

TransUnion discloses breach affecting 4.4 million customers.

US-based consumer credit reporting giant TransUnion has disclosed a breach affecting personal information belonging to more than 4.4 million customers, TechCrunch reports. The company said no credit information was breached, but didn't share what type of personal information was affected. The firm is notifying affected customers.

BleepingComputer reports that the breach was the latest in a wave of social engineering attacks targeting organizations' Salesforce instances. The ShinyHunters extortion group has claimed responsibility for these attacks. BleepingComputer also obtained an alleged sample of the stolen data, which contained "names, billing addresses, phone numbers, email addresses, dates of birth, and unredacted Social Security Numbers of TransUnion customers."

Suspected ransomware attack disrupts hundreds of Swedish municipalities.

A suspected ransomware attack on HR software provider Miljödata has disrupted around 200 municipal governments across Sweden, the Record reports. (The country has a total of 290 municipalities.) Swedish Minister for Civil Defence Carl-Oskar Bohlin stated, "The scope of the incident has not yet been clarified, and it is too early to determine the actual consequences."

The Register says the attackers demanded a ransom of 1.5 Bitcoin (approximately $168,000), which is surprisingly low for such a widespread attack. It's unclear if the crooks stole data during the incident.

FBI and Dutch police seize identity fraud marketplace.

The US FBI and the Dutch National Police have seized two domains and a blog associated with the major identity fraud marketplace VerifTools. The US Justice Department said in a press release, "The Federal Bureau of Investigation (FBI) began investigating in August 2022 after discovering a conspiracy to use stolen identity information to access cryptocurrency accounts. The investigation revealed that VerifTools offered counterfeit identification documents for all 50 U.S. states and multiple foreign countries for as little as nine dollars, payable in cryptocurrency. The FBI used the VerifTools marketplace to generate and purchase counterfeit New Mexico driver’s licenses, which were paid for with cryptocurrency. The FBI has identified the equivalent of approximately $6.4 million of illicit proceeds linked to the VerifTools marketplace."