Risky Bulletin

Srsly Risky Biz: Exploiting authorisation sprawl is the new black

Sep 11, 2025
Tom Uren and Amberleigh Jack dissect the Salesloft breach, spotlighting how one weak link can wreak havoc across interconnected systems. They discuss the alarming rise of authorization sprawl and the challenges in detecting misuse of tokens. Apple’s new Memory Integrity Enforcement is examined as a pivotal move towards bolstering device security, while the podcast also highlights an innovative five-year security chip development that emphasizes continuous testing. These insights reveal critical vulnerabilities and evolving strategies in the cybersecurity landscape.
INSIGHT

Single-Provider Breaches Multiply Impact

  • Breach of a single third-party service can produce a huge, multi-customer blast radius through auth tokens and integrations.
  • The Salesloft→GitHub→AWS→customer Salesforce chain shows how one compromise cascades across many firms.
ANECDOTE

Cloudflare's Investigation Reveals Keys Found

  • Cloudflare investigated the incident and found the attacker enumerated processes and API limits to avoid detection.
  • Cloudflare discovered 104 API keys inside customer case objects that the attacker harvested from Salesforce messages.
INSIGHT

Integrations Turn Conversations Into Attack Surfaces

  • Chat-integrated tools can leak sensitive credentials because users paste secrets into support threads and case objects.
  • The variety of customer usage makes impact unpredictable: some firms never expose keys while others routinely store secrets in Salesforce.