The Business & Technology Network
Helping Business Interpret and Use Technology
Home
Newswire > Cloudflare Says Support Case Data Compromised by Breach of Salesloft’s Drift
Cloudflare Says Support Case Data Compromised by Breach of Salesloft’s Drift
«  

August

  »
S M T W T F S
 
 
 
 
 
1
 
2
 
3
 
4
 
5
 
6
 
7
 
8
 
9
 
10
 
11
 
12
 
13
 
14
 
15
 
16
 
17
 
18
 
19
 
20
 
21
 
22
 
23
 
24
 
25
 
26
 
27
 
28
 
29
 
30
 
31
 
 
 
 
 
 
 

Cloudflare Says Support Case Data Compromised by Breach of Salesloft’s Drift

Tags: management
DATE POSTED:September 2, 2025
PYMNTS.com
Original article

Cloudflare said Tuesday (Sept. 2) that information shared in its customer support system should be considered compromised.

The company issued this warning in a Tuesday blog post in which it disclosed that it was affected by a breach of Salesloft’s Drift that allowed someone outside Cloudflare to access the Salesforce instance it uses for customer support and internal customer case management. 

“Most of this information is customer contact information and basic support case data, but some customer support interactions may reveal information about a customer’s configuration and could contain sensitive information like access tokens,” the post said.

“Given that Salesforce support case data contains the contents of support tickets with Cloudflare, any information that a customer may have shared with Cloudflare in our support system — including logs, tokens or passwords — should be considered compromised, and we strongly urge you to rotate any credential that you may have shared with us through this channel,” the post said.

Cloudflare said in the post that it searched through the compromised data, found 104 Cloudflare API tokens, rotated those tokens and informed the customers whose data was compromised.

The company said that no Cloudflare services or infrastructure were compromised in the breach.

“We are responsible for the choice of tools we use in support of our business,” Cloudflare said in the post. “This breach has let our customers down. For that, we sincerely apologize.”

Salesloft said in an Aug. 20 security update that it detected a security issue in its Drift application and then revoked connections between Drift and Salesforce.

On Aug. 26, Salesloft said it found that a threat actor exfiltrated data from its customers Salesforce instances from Aug. 8 to Aug. 18 and that it had notified all impacted customers.

In subsequent security updates, the company said Aug. 27 that it was working with cybersecurity experts Mandiant and Coalition to contain and remediate the issue, and said Aug. 28 that as a precautionary measure, Salesforce temporarily disabled the Drift integration between Salesforce, Slack and Pardot.

PYMNTS reported on Aug. 27 that the weakest link in a company’s cybersecurity defenses could be a trusted vendor. Companies’ reliance on vendors multiplies their own attack surface.

The post Cloudflare Says Support Case Data Compromised by Breach of Salesloft’s Drift appeared first on PYMNTS.com.

PYMNTS.com
Original article
Tags: management
Newswire > Cloudflare Says Support Case Data Compromised by Breach of Salesloft’s Drift

All Rights Reserved. Copyright , Central Coast Communications, Inc.