Salesloft Takes Drift Offline to ‘Build Security’ Following Hack Targeting Salesforce Customers : Tom M

by: Tom M
Below post content copied from Salesforce News | Salesforce Ben



**Summary of Salesloft Drift Security Incident**

Salesloft Drift is temporarily going offline to enhance security after being targeted in a data theft campaign. Recently, it was reported that hackers, identified as ‘UNC6395’, exploited the application to access Salesforce customer data using compromised OAuth tokens. Initially, it was believed that only Salesforce users were affected, but further investigations revealed that the breach also impacted users of the “Drift Email” integration.

In response, Salesloft announced that Drift will be taken offline soon to allow for a thorough security review. This means the Drift chatbot on customer websites will be unavailable, but users can still access the Salesloft platform and browser extension for their daily tasks. Existing Salesforce data in Salesloft will remain accessible, and the company assures that no critical data will be lost during this disconnection. Salesloft's AI agents will continue to function using previously synced data. Salesforce has confirmed that the issues are not due to vulnerabilities in its core platform.

**Key Details:**

- Salesloft Drift is offline temporarily for security improvements.
- Hackers accessed Salesforce data through compromised OAuth tokens.
- The breach affected both Salesforce and Drift Email integrations.
- Users can still use Salesloft without Salesforce integration.
- No critical data loss is expected during the disconnection.

**Additional Context:**

This incident highlights the importance of cybersecurity, especially for applications that integrate with major platforms like Salesforce. Companies must remain vigilant against data theft and ensure robust security measures are in place.


Salesloft Drift is being taken offline “temporarily” to boost security after the application was targeted in a data theft campaign. 

Last week, we reported that Salesforce customers had been targeted in a hacking campaign, carried out through the third-party application Salesloft Drift. Google Threat Intelligence Group (GTIG) had said that the data theft incident was carried out by the actor tracked as ‘UNC6395’ – a different designation than that given to the ‘ShinyHunters’ group, said to be responsible for several recent social engineering attacks.

GTIG said that hackers targeted Salesforce instances through compromised OAuth tokens associated with Drift, and then systematically exported “large volumes of data” from numerous corporate Salesforce instances. 

Initially, Salesloft had indicated that customers who do not integrate with Salesforce were not impacted by the campaign. But GTIG later revealed that the Drift hack was worse than previously thought, and new information suggested that the scope of the compromise was actually not exclusive to the Salesforce integration – and OAuth tokens for the “Drift Email” integration had also been compromised.

Now, in an update posted on September 2, Salesloft announced that Drift would be taken down “temporarily” in order to boost its security. 

Salesloft Drift to be ‘Taken Offline in the Very Near Future’

The post, addressed to ‘All Drift Admins’, reads: “Drift will be temporarily taken offline in the very near future. This will provide the fastest path forward to comprehensively review the application and build additional resiliency and security in the system to return the application to full functionality. As a result, the Drift chatbot on customer websites will not be available, and Drift will not be accessible. We regret any inconvenience and disruption this action may cause.

“Our top priority remains ensuring the integrity and security of our systems and our customers’ data. Our team is working alongside our third-party cybersecurity partners, Mandiant and Coalition, to resolve this as quickly as possible. Thank you for your continued patience and understanding.”

The following day, Salesloft posted a Q&A about the Salesforce interruption.

The company clarified that you can still use the Salesloft platform and browser extension for day-to-day work. 

For instructions on how to keep using Salesloft while the Salesforce integration is disconnected, they point readers to this Trust Site update from August 31.

In answer to the question of what happens to existing Salesforce data in Salesloft, the company writes: “Salesloft will continue to operate against the last data that was synchronized from CRM prior to the disconnection. Your teams can continue to operate against this as they normally would within Salesloft.”

Addressing concerns about whether customers would lose any critical data while Salesloft and Salesforce are disconnected, the company said that each side would continue to run independently in the meantime, and that Salesloft is working to make sure data is reconciled once the connection is restored.

Salesloft AI Agents are not impacted, the company said. 

“The Account Research Agent, Person Research Agent, Email Personalization Agent, and Buyer Identification Agents will continue to work against all data that was previously synced from your CRM, along with any ongoing activity and web data generated by Salesloft,” Salesloft said.

They added that the Deal Summary agent would work against the last sync from CRM until the connection has been restored.

Salesforce has repeatedly stressed that issues do not stem from a vulnerability within the core Salesforce platform.

Final Thoughts 

Stay tuned to Salesforce Ben for more updates on hacking campaigns targeting Salesforce customers. 

You can monitor our hub post on the topic, which will be updated as news emerges, here.

The post Salesloft Takes Drift Offline to ‘Build Security’ Following Hack Targeting Salesforce Customers appeared first on Salesforce Ben.


September 04, 2025 at 09:00PM