More than 700 organizations, including high-profile technology and security vendors such as Cloudflare, Zscaler, Palo Alto Networks, and PagerDuty, were affected by the recent Salesloft Drift breach, one of the largest SaaS supply-chain breaches to date. Investigators describe the incident as a “widespread supply-chain attack spree” targeting one of the most widely used SaaS integrations. Drift, acquired by Salesloft in 2024, integrates with customer systems such as Salesforce, Slack, and Google Workspace via OAuth tokens. Threat actors exploited this integration to steal authentication tokens and gain access to customer environments.
In a just-published blog post, threat intelligence company SOCRadar analyzes:
- How attackers got in/threat actor behind it
- Technical reasons behind it
- Type of info exposed/number of organizations affected
- How to determine if your company was affected
- How it compares to other supply chain attacks
- Steps CISOs should take to mitigate risks from this incident
- Indicators of Compromise (IOCs) related to Salesloft Drift breach
If you use Salesloft, this should be required reading: Salesloft Drift Breach: Everything You Need to Know
This entry was posted on September 4, 2025 at 8:27 am and is filed under Commentary with tags SOCRadar.
SOCRadar Analysis: Salesloft Drift Breach – Everything You Need to Know