Hackers Target Salesloft and Drift in Social Engineering Attack

By  |  September 5, 2025
 | 
Salesloft

The number of companies impacted by the cyberattack on Salesloft’s Drift, and the ultimate severity of the attack, are reportedly still unknown.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    The data breaches that have been disclosed so far have raised concerns about social engineering attacks that could be strengthened by the data that was stolen, Dark Reading reported Thursday (Sept. 4).

    Salesloft disclosed last month that a fraudster breached Drift, the company’s marketing software-as-a-service product, by stealing OAuth and refresh tokens from its Salesforce integration and then used the tokens to move into some Salesloft customer environments and steal data, according to the report.

    Several companies have disclosed data breaches that resulted from this attack, the report said. They include Zscaler, Palo Alto Networks, Proofpoint, Cloudflare and Tenable.

    The disclosures show that the data that was stolen includes business contact information and support case content, per the report. The information is not as sensitive as information taken in other cyber incidents, but it could be used for social engineering attacks.

    However, because other types of data can be stored in Salesforce instances, the severity of the attack has not yet been determined, the report said.

    Advertisement: Scroll to Continue

    When Cloudflare announced that it had been impacted by the data breach, it said: “Most of this information is customer contact information and basic support case data, but some customer support interactions may reveal information about a customer’s configuration and could contain sensitive information like access tokens.”

    The Thursday report by Dark Reading highlighted a blog post from Okta that said Okta was targeted in the attack but prevented a breach of its Salesforce instance.

    “Our security team thoroughly investigated our systems and confirmed that while we observed evidence of attempts to access our resources using stolen tokens, our defenses worked as designed to prevent a breach,” the post said.

    In a Wednesday (Sept. 3) update posted on its website, Salesloft said it recommends that “all third-party applications integrated with Drift via API key proactively revoke the existing key for these applications.”

    The company also shared a link to a blog post from Mandiant that includes detailed recommendations for impacted organizations.


    Recommended

    AWS Uses re:Invent Day 1 to Unveil a Wave of AI Updates

    MOVii Establishes Operations in Peru and Aims to Expand Across Latin America

    Kalshi Raises $1 Billion to Expand Prediction Market Platform

    Instacart Sues New York City to Block New Grocery Delivery Laws

    See More In: , , , , , , , , ,