Palo Alto Networks and Cloudflare Verify the Effects of the Salesloft Drift Data Breach

CloudFlare, a prominent Cyber Security and DDoS mitigation firm, has confirmed that it is among the numerous companies affected by a third-party supply chain hack involving the Salesloft Drift marketing platform. In a blog post dated September 2, CloudFlare disclosed that it was notified of the breach, which has compromised customer data. The breach allowed unauthorised access to CloudFlare’s Salesforce instance, which is utilised for customer support and internal case management.

The compromised data primarily consisted of basic contact information, but some support interactions were also accessed, potentially exposing sensitive information such as access tokens. CloudFlare has advised customers to consider any information shared through their support system—such as logs, tokens, or passwords—as compromised. They strongly recommend that customers rotate any credentials that may have been shared. Salesloft initially reported the breach on August 20, and by August 26, it confirmed that the attackers aimed to steal sensitive credentials, including AWS access keys and passwords. 

Categories: Data Breach, Cybersecurity Incident, Customer Data Compromise 

Tags: Cyber Security, DDoS Mitigation, CloudFlare, Data Breach, Salesloft, Drift, Salesforce, Customer Support, Access Tokens, Credentials