You wake up, open your Gmail app, and wonder if all is well. Here is the scenario: Google announced that Salesloft suffered a breach that impacted some Workspace accounts. If you are thinking, "What is Salesloft?": it is a SaaS tool that some companies use to manage sales engagement. It is integrated with Google Workspace, and that integration is what put the impacted accounts at risk. Bad timing, no?
So, What Happened?
The hackers breached Salesloft's systems, not Google's. Because Salesloft integrates with Workspace, some Google accounts were affected. Google stated that Google itself was not hacked; the exposure came from the external app.
It's like maxing out the security on your house and then giving a trusted friend a key, and that key has now been exposed.
So here's what we know:
• Only a subset of accounts was impacted.
• Google is protecting users, who can be put at risk by Jimmy the player.
• Salesloft is handling the matter on their end.
Why This Is Important
Let's be real: how many of you have just clicked "Allow Access" for an app that asks to connect with your Google account? I've done it! But every time you allow or activate an app, you create a potential weakness, and if one app is hacked, then your Gmail, Drive, or Calendar could be hacked as well.
Once, I looked up how many apps had access to my Google account, and I felt like I had handed out spare keys to half the neighborhood. Not wise.
Steps to Safeguard Yourself
Here are a few things you can do today:
• Review the apps that you allow to access your Google account.
• Remove the apps that you don't use.
• Enable two-factor authentication (2FA). This gives you another lock.
• Monitor your account for suspicious activity and take any alerts seriously.
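If you look after more than one account, the review in the first two steps can be done in bulk. The script below is an added example, not part of the original post: it sorts app grants into remove, review, or keep. The scope URLs are Google's published OAuth scopes; the app names, dates, and record field names (`displayText`, `scopes`, `last_used`) are constructed assumptions.

```python
from datetime import date

# Google OAuth scopes that give an app full read/write access to a product.
FULL_ACCESS = {
    "https://mail.google.com/": "Gmail",
    "https://www.googleapis.com/auth/drive": "Drive",
    "https://www.googleapis.com/auth/calendar": "Calendar",
}
# Narrower, read-only scopes for the same products.
READ_ONLY = {
    "https://www.googleapis.com/auth/gmail.readonly": "Gmail",
    "https://www.googleapis.com/auth/drive.readonly": "Drive",
    "https://www.googleapis.com/auth/calendar.readonly": "Calendar",
}

def reach(scopes):
    """Map a grant's scopes to {product: 'full' | 'read'}; 'full' always wins."""
    out = {}
    for s in scopes:
        if s in FULL_ACCESS:
            out[FULL_ACCESS[s]] = "full"
        elif s in READ_ONLY:
            out.setdefault(READ_ONLY[s], "read")
    return out

def triage(grants, today, stale_days=90):
    """Return (app, action, detail) tuples, most urgent first."""
    rank = {"remove": 0, "review": 1, "keep": 2}
    rows = []
    for g in grants:
        idle = (today - g["last_used"]).days  # last_used: hypothetical field
        full = sorted(p for p, lvl in reach(g["scopes"]).items() if lvl == "full")
        if idle > stale_days:
            action, detail = "remove", f"unused for {idle} days"
        elif full:
            action, detail = "review", "full access to " + ", ".join(full)
        else:
            action, detail = "keep", "limited scopes"
        rows.append((g["displayText"], action, detail))
    return sorted(rows, key=lambda row: (rank[row[1]], row[0]))

# Constructed sample grants (hypothetical apps and dates).
TODAY = date(2024, 6, 1)
GRANTS = [
    {"displayText": "Sales Engagement Tool", "last_used": date(2024, 5, 20),
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/calendar"]},
    {"displayText": "Old Mail Merge", "last_used": date(2023, 11, 2),
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"displayText": "Meeting Notes", "last_used": date(2024, 5, 30),
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly", "openid"]},
]
```

Calling `triage(GRANTS, TODAY)` lists the stale app first, then the one holding full Gmail and Calendar access, then the read-only one.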
The Bigger Picture
This is not the first breach, and it won't be the last. Possibly the scariest part is that, although Google was forced to take action, these hackers were able to slip past Salesloft and do so quietly.
In Closing
Google's notification about the Salesloft breach serves as a reminder that security isn't just about passwords; it is also about which apps you trust.
The next time you see "full access" in an app access request, it might be worthwhile to ask yourself how much you really trust that app with your account.