
HackerOne Confirms Data Breach: Unauthorized Access to Salesforce Instance by Hackers

HackerOne has confirmed that it was affected by a recent data breach that allowed unauthorized access to its Salesforce instance. This breach occurred due to a compromise of the third-party application Drift, owned by Salesloft. The bug bounty platform announced the security incident in line with its commitment to “Default to Disclosure.” Salesforce first alerted the security team to a potential compromise on Friday, August 22, 2025, and Salesloft confirmed it the following day. In response, HackerOne activated its incident response protocols and is collaborating with both Salesforce and Salesloft to investigate the breach’s full scope and impact. This incident is part of a larger attack campaign that has affected numerous companies.

According to a report by Google’s Mandiant, threat actors exploited a vulnerability within the Drift application to target Salesforce customer records. By compromising Drift, attackers gained unauthorized access to connected Salesforce environments, enabling the theft of sensitive customer and sales data. While the investigation is ongoing, HackerOne stated that unauthorized parties accessed a subset of records within its Salesforce instance. However, the company is confident that no customer vulnerability data was impacted or exposed during the incident. HackerOne is conducting a forensic analysis to determine the nature of the exposed information and has committed to directly communicating with any affected customers. This incident underscores the significant risks associated with third-party application integrations and the potential for supply chain attacks to circumvent an organisation’s direct security measures. 

Categories: Data Breach, Third-Party Application Vulnerability, Incident Response 

Tags: HackerOne, Data Breach, Salesforce, Drift, Salesloft, Incident Response, Supply Chain Attack, Customer Records, Security Incident, Forensic Analysis 
