Zscaler, a publicly traded cloud security firm specializing in secure web gateways and zero trust network access, has disclosed a data breach that allowed attackers to access sensitive customer data in its Salesforce environment. The breach was carried out via compromised OAuth tokens issued to a third-party application, granting unauthorized access without breaching internal infrastructure.
The disclosure comes as Zscaler continues to report net annual losses, though the company emphasized AI-related demand in its earnings report. “AI is continuing to drive growth,” said Chief Executive Jay Chaudhry in a recent statement.
However, the breach adds operational pressure at a time of heightened expectations around security.
Why It Matters: The breach reveals a structural vulnerability in the use of third-party integrations that rely on OAuth tokens, credentials that can silently permit access across cloud systems. For an enterprise security vendor, the incident raises important questions about token governance, access boundaries, and the visibility of delegated integrations that function outside of traditional monitoring scopes.
- Attack Originated via OAuth Tokens Issued to a Third-Party App: The unauthorized access was made possible through OAuth tokens originally granted to a third-party application integrated with Zscaler’s Salesforce platform. These tokens enabled access without needing login credentials or multi-factor authentication, highlighting the high level of trust and persistence often associated with token-based access.
- Exposed Data Included Contact Details and Support Case Content: The attackers accessed customer names, business email addresses, phone numbers, job titles, geographic information, product licensing data, and plaintext content from a number of support cases. Although file attachments were not accessed, the exposed information presents a risk of follow-up phishing and impersonation attacks.
- Zscaler Infrastructure Remained Uncompromised, but Entry Point Was Trusted: Zscaler confirmed that its internal systems were not breached. However, the access occurred through a trusted integration into the company’s core customer management platform. This raises concern about how trusted SaaS tools are monitored, and how token access is managed post-deployment.
- Customers Warned About Risk of Follow-On Threats: In a statement attributed to CISO Sam Curry, the company warned that “it’s crucial to exercise caution regarding unsolicited communications, including emails, phone calls, or requests for sensitive information.” The concern is that attackers could use the exposed support data to craft convincing social engineering campaigns.
- Financial Losses Continue Despite Revenue Growth: Zscaler posted revenue growth in the quarter ended July 31 and provided strong guidance for FY2026. However, the company reported a net loss of approximately $38.8 million over the trailing twelve months. The breach now intersects with broader concerns about maintaining security posture amid business expansion and rising investor expectations.
Go Deeper -> Zscaler discloses data breach after cyberattack on third party – Cybernews
Zscaler Offers Sunny 2026 Outlook As AI Demand Drives Sales – WSJ


