Salesloft drift Incident: SpyClouds Response
At SpyCloud, we believe security starts with visibility into what criminals know about individuals and businesses. Our charge is to supply proactive identity threat protection, and were committed to retention you informed about emerging risks and criminal activities that could impact your people and organization.
What Happened?
We were notified of a security incident involving a third-party application that potentially resulted in unauthorized access to data from Salesforce, our customer relationship management system.
As reported by Googles threat intelligence team, an doer allegedly targeted Salesforce customer instances through compromised authentication tokens (OAuth) associated with the Salesloft drift application. drift was acquired by Salesloft in 2024. SpyCloud was previously a customer of Salesloft & Drift.
Immediately upon learning of the potential unauthorized access, we terminated the token access to our systems and began a full investigation of the incident internally.