High-profile breaches of Salesforce CRM systems were caused by attackers exploiting vulnerabilities in the Salesloft Drift platform, leading to data exfiltration from major companies like Google and Cloudflare. The attack involved infiltration of Salesloftโs GitHub and AWS environments, which ultimately allowed hackers to steal OAuth tokens and access sensitive enterprise data. #Salesloft #Salesforce #Google #Cloudflare #Drift
Keypoints
- Several companies reported breaches of their Salesforce CRM systems starting in July 2025.
- The original attack vector involved exploiting vulnerabilities in Salesloft Drift to access Salesforce data.
- Attackers succeeded in hacking Salesloftโs GitHub repositories and AWS environment, creating security risks.
- Stolen OAuth credentials enabled access to sensitive data from thousands of customers, including Google and Cloudflare.
- Most affected organizations are unaware of the breach, with potential extortion threats looming.