
Salesloft Vendor Cyber Rating & Cyber Score

salesloft.com

Together, Clari and Salesloft create a category-transforming AI company for revenue, building the foundation for a Predictive Revenue System — a system that guides revenue teams to accelerate growth. The company combines the broadest dataset, capturing both structured and unstructured signals. End-to-end revenue orchestration capabilities unlock new levels of AI-driven productivity and predictability. Thousands of the world’s most successful companies — including Adobe, IBM, 3M, and Zoom — trust Clari and Salesloft to drive predictable revenue growth. Welcome to the future of revenue.


Salesloft A.I CyberSecurity Scoring

Salesloft
Company Information
Website: https://salesloft.com
Number of employees: 1,181
Number of followers: 119,144
NAICS: 5112
Industry Type: Software Development
Homepage: salesloft.com
Salesloft Risk Score (AI oriented)
Between 0 and 549
Salesloft, Software Development
Updated: 28/03/2026
212/1000, Critical, C
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium

Salesloft: Critical
Current Score: 212, C (CRITICAL), on a scale of 0 to 1000
11 incidents
-92.8 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
244 Before Incident
MAY 2026
234 Before Incident
APRIL 2026
225 Before Incident
MARCH 2026
204 Before Incident
FEBRUARY 2026
193 Before Incident
JANUARY 2026
249 Before Incident
Cyber Attack
12 Jan 2026, Salesloft
Salesloft and Cloudflare: Palo Alto Networks, Zscaler, Cloudflare hit by the latest data breach

Salesforce Data Breach via Salesloft Drift Third-Party Integration

181 After Incident
CRITICAL -68
SALCLO1768392789
Palo Alto Networks, Zscaler, and Cloudflare Hit by Third-Party Salesforce Breach

A recent supply chain attack targeting Salesloft Drift, a third-party Salesforce integration, has compromised sensitive data from Palo Alto Networks, Zscaler, and Cloudflare, among hundreds of other organizations. The breach, disclosed on Tuesday, stemmed from stolen OAuth tokens used to access Salesforce environments via the Drift Connected App, enabling threat actors to exfiltrate business contact information, support case details, and, in some cases, credentials.

### Key Details of the Attack

- Timeline: The malicious activity occurred from August 8 onward, with attackers leveraging Python/3.11 aiohttp/3.12.15 user agent strings and known threat actor IPs to execute Salesforce Object Query Language (SOQL) queries on objects like Account, Contact, Case, and Opportunity records.
- Data Exposed: Primarily business contact information (names, emails, phone numbers, job titles), but also support case contents, including logs, tokens, and passwords shared with vendors. Some customers stored sensitive data in insecure notes fields, increasing exposure.
- Attack Method: The threat actor mass-exfiltrated data, scanned for credentials, and deleted queries to obscure forensic traces, an anti-forensics tactic.
- Impact on Vendors:
  - Palo Alto Networks confirmed the breach was isolated to its CRM platform, with no impact on its products or services. Exposed data included customer contact and sales account details.
  - Zscaler reported similar exposure, noting that product licensing and commercial information may have been compromised.
  - Cloudflare took responsibility for enabling the third-party integration, acknowledging that support case data, including customer-shared credentials, was accessed. The company urged affected users to rotate compromised credentials.

### Industry Reactions and Lessons

- Transparency & Accountability: Cloudflare’s disclosure was praised for its technical detail and ownership of the incident, setting a benchmark for incident response. Analysts highlighted the need for stronger SaaS security and third-party risk management.
- SaaS Supply Chain Risks: The attack underscores vulnerabilities in OAuth token security and the challenges of monitoring API-level integrations, particularly as agentic AI frameworks expand. Experts warned that misconfigurations and stolen tokens remain a persistent threat.
- Zero Trust & Contractual Safeguards: Recommendations included revoking unused OAuth tokens, enforcing token expiration, and auditing third-party contracts for breach notification, data handling, and sub-processor transparency.
- Phishing Risks: The breach’s targeted nature, leveraging real business data, could fuel highly convincing phishing, smishing, and vishing campaigns, making detection harder for victims.

### Broader Implications

The incident reflects the growing threat of SaaS supply chain attacks, where a single compromised vendor can expose hundreds of downstream organizations. As enterprises increasingly rely on interconnected third-party apps, securing API access, identity management, and token hygiene becomes critical to mitigating future risks.
INCIDENT DETAILS -
TYPE
Supply Chain Attack
MOTIVATION
Data exfiltration for credential harvesting, potential further attacks or dark web sales
IMPACT
Data Compromised: Business contact information (names, email addresses, job titles, phone numbers, regional/location details), product licensing and commercial information, plain text content from support cases (including logs, tokens, passwords), Salesforce Object Query Language (SOQL) queries, attachments/files/images in some cases
Systems Affected: Salesforce CRM platform (Account, Contact, Case, Opportunity objects)
Operational Impact: Potential phishing/smishing/vishing campaigns using exfiltrated data, credential rotation requirements, audit and remediation efforts
Brand Reputation Impact: Erosion of trust due to third-party integration failure, particularly for vendors in the SASE space
Identity Theft Risk: High (exfiltrated PII and credentials)
DATA BREACH
- Business contact information
- Support case data (logs, tokens, passwords)
- Product licensing and commercial information
- SOQL queries
- Attachments/files/images
Sensitivity Of Data: High (credentials, PII, internal business data)
- Plain text
- Attachments
- Images
- Logs
DECEMBER 2025
237 Before Incident
NOVEMBER 2025
243 Before Incident
Breach
26 Nov 2025, Salesloft
Salesloft

CloudFlare-Salesforce-Salesloft Third-Party Data Breach

181 After Incident
CRITICAL -62
SAL4794547112625
The Salesloft breach originated from a compromise where threat actors stole Salesforce Drift tokens, enabling unauthorized access to Salesforce and Cloudflare systems, along with other connected enterprises. This supply chain attack cascaded across multiple organizations, exposing sensitive data and raising concerns about third-party risk management. The breach exploited vendor vulnerabilities, highlighting gaps in MSSP threat preparedness and external threat visibility. While the exact data compromised was not detailed, the incident involved large-scale credential theft and unauthorized system access, potentially affecting customer and operational data across dependent enterprises. The attack underscored the risks of shadow integrations and unpatched third-party exposures, emphasizing the need for real-time monitoring and autonomous risk assessment in supply chains.
INCIDENT DETAILS -
TYPE
- third-party breach
- supply chain attack
- credential theft
- token compromise
IMPACT
- authentication tokens (Salesforce Drift)
- potential customer data (via cascading breaches)
- Salesforce
- Cloudflare
- multiple unnamed enterprises
- disrupted trust in MSSP threat preparedness
- potential operational disruptions for affected organizations
- eroded confidence in supply chain security
- questions about MSSP reliability
DATA BREACH
- authentication tokens (Salesforce Drift)
- potential cascading data exposure
- high (authentication credentials)
- tokens stolen; potential downstream data access
OCTOBER 2025
288 Before Incident
Breach
13 Oct 2025, Salesloft
Salesloft/Salesforce

Law enforcement seizes domains used by Scattered Lapsus$ Hunters; Salesloft/Salesforce breach files leaked

226 After Incident
CRITICAL -62
SAL2593525101325
The cybercriminal group Scattered Lapsus$ Hunters breached Salesloft/Salesforce and exfiltrated sensitive corporate data, which they threatened to leak publicly. Despite law enforcement (FBI and French authorities) seizing the domains (breachforums.hn and its Tor counterpart) used by the group to host the stolen files, the attackers swiftly restored access via alternative channels. The leaked data included proprietary and potentially confidential information from Salesloft/Salesforce, alongside files from over 40 other major companies (e.g., Qantas, Gap, Toyota, Disney). The breach underscores the group’s persistence in extortion and data exposure, even after infrastructure disruptions. While no arrests were made, the incident highlights the escalating risks of third-party vendor breaches and the challenges in mitigating large-scale data leaks once threat actors gain initial access. The group’s shift from traditional forums to Telegram for operations further complicates tracking and enforcement efforts.
INCIDENT DETAILS -
TYPE
- data breach
- cybercriminal forum takedown
- extortion
MOTIVATION
- financial gain
- reputation
- disruption
IMPACT
- high (for affected companies)
- moderate (for Scattered Lapsus$ Hunters due to forum shutdown)
Identity Theft Risk: potential (due to leaked corporate data)
DATA BREACH
- corporate files
- potentially PII (unspecified)
Sensitivity Of Data: high (corporate proprietary data)
Personally Identifiable Information: potential (not confirmed)
SEPTEMBER 2025
397 Before Incident
Breach
25 Sep 2025, Salesloft
Salesloft

AI-Powered Supply Chain Attack via Compromised Salesloft-Drift Integration (2025)

335 After Incident
CRITICAL -62
SAL2862828092525
The attack on Salesloft began with the compromise of an internal GitHub repository, where attackers stole a high-privilege OAuth token granting access to its Drift cloud application. Exploiting Drift’s trusted integrations, the attackers pivoted to Salesforce instances of multiple high-profile customers—including Palo Alto Networks, Cloudflare, Zscaler, and Tenable—exfiltrating customer conversation data, contact details, and sensitive business information. The breach exposed a supply-chain vulnerability, where a single compromised AI-powered integration (Drift’s chatbot) enabled mass data theft across 700+ organizations, including cybersecurity leaders. The attackers also harvested OpenAI API credentials, demonstrating the cascading risks of interconnected AI ecosystems. While companies like Okta mitigated damage via IP allow-listing, others faced reputational harm, forensic costs, and erosion of customer trust. The incident highlighted critical gaps in third-party risk management, token security, and AI integration monitoring, with long-term implications for enterprise security postures.
INCIDENT DETAILS -
TYPE
- Supply Chain Attack
- Data Breach
- Unauthorized Access
- AI Integration Exploitation
MOTIVATION
- Data Theft
- Espionage
- Financial Gain (Potential)
- Supply Chain Disruption
IMPACT
- Customer Conversation Data
- Contact Information
- Authentication Tokens (Including OpenAI API Credentials)
- Salesforce Instance Data
- Salesloft GitHub Repositories
- Drift Cloud Application
- Connected Salesforce Instances
- OpenAI API Integrations
- Forensic Investigations
- Customer Trust Erosion
- Integration Audits
- Security Control Overhauls
- Expected (Not Quantified)
- Severe (Especially for Cybersecurity Firms)
- Loss of Customer Trust
- Increased Scrutiny of AI Security Practices
- Potential Regulatory Fines
- Contractual Breach Claims
- Litigation Risk
- High (Due to PII in Conversation Data)
- Low (Not Explicitly Mentioned)
DATA BREACH
- Customer Conversation Logs
- Contact Information
- API Credentials
- Salesforce Data
- High (PII, Business Communications, Authentication Tokens)
- Confirmed (Systematic via Salesforce Integrations)
- Conversation Logs
- Contact Databases
- API Tokens
- Potentially Calendar/Email Data
- Names
- Email Addresses
- Potentially Phone Numbers
- Business Roles
SEPTEMBER 2025
357 Before Incident
Cyber Attack
03 Sep 2025, Salesloft
Salesloft (Drift)

Supply Chain Attack on Salesloft Drift Leading to Mass Theft of Authentication Tokens

391 After Incident
CRITICAL -34
DRI514090325
Salesloft’s Drift platform—a widely used AI-powered chatbot and marketing SaaS tool—was compromised in a large-scale supply chain attack by the threat cluster UNC6395 (GRUB1). Attackers exploited stolen OAuth and refresh tokens tied to Drift to breach over 700 organizations, primarily by infiltrating their Salesforce instances and potentially other integrated platforms. The breach enabled mass theft of authentication tokens, exposing customer credentials and sensitive data for future targeted attacks. Salesloft responded by temporarily taking Drift offline to mitigate risks, while Salesforce preemptively disabled all Salesloft integrations. Companies like Cloudflare confirmed the incident was part of a coordinated campaign to harvest credentials for follow-on attacks. The initial access vector remains undisclosed, but the scale suggests systemic vulnerabilities in Drift’s security architecture, risking long-term reputational damage, financial fraud, and operational disruptions across affected enterprises.
INCIDENT DETAILS -
TYPE
- Supply Chain Attack
- Data Theft
- Credential Harvesting
MOTIVATION
- Credential Harvesting
- Future Targeted Attacks
- Data Exfiltration
IMPACT
- Authentication Tokens (OAuth/Refresh)
- Customer Data (Potential)
- Salesforce Instance Access
- Salesloft Drift
- Salesforce Customer Instances
- Platforms Integrated with Drift
- Drift Chatbot Unavailable
- Salesloft-Drift Integrations Disabled Temporarily
- Disruption of Customer Support Channels
- Incident Response Coordination Overhead
- Loss of Trust in SaaS Security
- Potential Customer Churn
- High (Due to Stolen Credentials)
DATA BREACH
- Authentication Tokens
- Potential Customer Data
- High (Tokens Enable System Access)
- Potentially PII if Customer Data Exfiltrated
- Confirmed (Tokens)
- Suspected (Customer Data)
- Potential (If Customer Data Accessed)
AUGUST 2025
557 Before Incident
Breach
01 Aug 2025, Salesloft
Salesloft

- Salesloft/Drift OAuth Token Breach (2025)
- New York Times GitHub Token Leak (2024)
- Cloudflare Atlassian Compromise (2023)

347 After Incident
CRITICAL -210
SAL0932309111025
In August 2025, hackers breached Salesloft’s SaaS platform by stealing OAuth access tokens linked to its Drift chatbot integration with Salesforce. The attackers exploited these tokens—functioning as trusted non-human identities—to impersonate the integration and gain unauthorized access to Salesforce CRM data across hundreds of organizations. Over a 10-day campaign, they exfiltrated sensitive records, including stored credentials like AWS keys and Snowflake tokens from support case attachments. The breach highlighted the risks of unmonitored machine identities with excessive privileges, enabling large-scale data theft without traditional human account compromises.
INCIDENT DETAILS -
TYPE
- Data Breach (OAuth Token Compromise)
- Data Breach (API Token Leak)
- Unauthorized Access (Service Account Token Compromise)
MOTIVATION
- Data Exfiltration
- Data Theft
- Unauthorized Access
IMPACT
- Salesforce CRM data (including AWS keys and Snowflake tokens from support case attachments)
- 270 GB of internal source code and data
- Access to Cloudflare's Atlassian suite (Jira, Confluence, Bitbucket)
- Salesforce CRM (via Drift integration)
- GitHub (New York Times' cloud code repository)
- Atlassian Suite (Jira, Confluence, Bitbucket)
- Unauthorized access to CRM data across hundreds of organizations
- Exposure of internal source code and proprietary data
- Bypass of human password reset efforts, enabling stealthy backdoor access
- Potential reputational damage due to unauthorized CRM data access
- Reputational risk from exposure of internal source code
- Reputational impact from unauthorized access to Atlassian suite
- High (AWS keys and Snowflake tokens exposed)
- Moderate (internal credentials potentially exposed in source code)
- Moderate (potential access to sensitive Atlassian data)
DATA BREACH
- CRM data (Salesforce), AWS keys, Snowflake tokens
- Internal source code (270 GB), proprietary data
- Atlassian suite data (Jira, Confluence, Bitbucket)
- High (credentials, CRM data)
- High (source code, internal data)
- High (Atlassian suite data)
- Yes (sensitive records, credentials)
- Yes (270 GB of data)
- Likely (unauthorized access to Atlassian data)
- CRM records, support case attachments (containing credentials)
- Source code files, internal documentation
- Jira tickets, Confluence pages, Bitbucket repositories
- Possible (via CRM data)
- Possible (in source code/comments)
- Possible (in Atlassian data)
Ransomware
01 Aug 2025, Salesloft
Oracle

Clop Ransomware Exploits Oracle E-Business Suite Zero-Day (CVE-2025-61882) in Data Theft Attacks

347 After Incident
CRITICAL -210
ORA1692116100725
The Clop ransomware gang exploited a critical zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite (EBS), specifically within the BI Publisher Integration component, to conduct data theft attacks since at least August 2025. The flaw allowed unauthenticated remote code execution (RCE) via a single HTTP request, enabling attackers to steal sensitive corporate documents from unpatched systems. Oracle patched the vulnerability in early October 2025, but not before Clop launched an extortion campaign, emailing executives at multiple victim organizations to demand ransoms in exchange for not leaking the stolen data.

The attack leveraged a vulnerability chain exposed by leaked proof-of-concept (PoC) exploits from the Scattered Lapsus$ Hunters group, increasing the risk of further exploitation by other threat actors. Clop’s campaign mirrors past high-profile breaches, including MOVEit Transfer (2,770+ organizations affected), Accellion FTA, and GoAnywhere MFT, reinforcing its reputation for large-scale data theft via zero-days. Oracle urged immediate patching, warning that internet-exposed EBS applications remain prime targets. The U.S. State Department has even offered a $10 million reward for intelligence linking Clop to foreign state sponsorship, underscoring the attack’s severity.
INCIDENT DETAILS -
TYPE
- Data Theft
- Ransomware Extortion
- Zero-Day Exploitation
MOTIVATION
- Financial Gain (Extortion)
- Data Theft for Leverage
IMPACT
- Sensitive Documents
- Potentially PII or Corporate Data
- Oracle E-Business Suite (EBS) with unpatched BI Publisher Integration
- High (due to extortion and potential data leaks)
- Potential (if PII was stolen)
DATA BREACH
- Sensitive Corporate Documents
- Potentially PII
- High (confidential business documents)
- Confirmed (by Clop for extortion)
- Possible (not explicitly confirmed)
JULY 2025
557 Before Incident
JANUARY 2025
615 Before Incident
Breach
01 Jan 2025, Salesloft
Salesloft, Zscaler, Drift and Palo Alto Networks: Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches

The Great SaaS Breach of 2025: How a Single OAuth Token Compromised 700+ Organizations

525 After Incident
CRITICAL -90
ZSCPALDRISAL1773852939
The Great SaaS Breach of 2025: How a Single OAuth Token Compromised 700+ Organizations

A new report from Grip Security reveals alarming trends in SaaS security, analyzing 23,000 SaaS environments and uncovering critical vulnerabilities. Every company examined operates AI-embedded SaaS applications, with a 490% year-over-year surge in public SaaS attacks. 80% of incidents involve PII or customer data, but the most concerning finding is the average organization’s exposure to 140 AI-enabled SaaS environments, each a potential vector for cascading breaches.

The Salesloft Drift incident, dubbed the "Great SaaS Breach of 2025," exemplifies this risk. UNC6395 attackers compromised Salesloft’s GitHub repositories, then pivoted to Drift’s AWS environment, stealing OAuth and refresh tokens used by customers to connect the Drift Chatbot to Salesforce, Slack, and other apps. With a legitimate OAuth token, the attackers impersonated Drift, breaching Salesforce installations across 700+ organizations, including Cloudflare, Palo Alto Networks, Zscaler, and CyberArk.

The attack exploited shadow AI (AI embedded in SaaS apps without formal oversight), where businesses unknowingly adopt agentic AI for efficiency, often without auditing security implications. OAuth tokens, treated as routine access credentials, became the weak link. Once stolen (often via infostealers), they granted attackers unhindered access, enabling them to cascade through connected systems via IdentityMesh, a unified authentication flaw that links multiple AI environments.

The report warns that 2026 could see even larger breaches, as autonomous workflows outpace security controls. While regulations are emerging, they remain fragmented, conflicting, and unevenly enforced. The solution, according to Grip, lies in dynamic governance: replacing static approvals with continuous oversight, discovery, and risk-based controls to treat AI as a managed third-party risk.

The incident underscores that AI is not a future threat but a present one, reshaping business risk, and without proactive measures, the blast radius of a single breach will only grow.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: PII, Customer Data, OAuth Tokens, Refresh Tokens
Systems Affected: Salesforce, Slack, Drift Chatbot, AWS Environments
Operational Impact: Cascading breaches through connected systems
Brand Reputation Impact: High
Identity Theft Risk: High
DATA BREACH
Type Of Data Compromised: PII, Customer Data, OAuth Tokens, Refresh Tokens
Sensitivity Of Data: High
Personally Identifiable Information: Yes
Cyber Attack
01 Jan 2025, Salesloft
Salesloft: Cyberthreats in 2026:X-Force and industry experts weigh in

Supply Chain Attacks Quadruple as Cybercriminals Exploit Trusted Third Parties

525 After Incident
CRITICAL -90
SAL1773146582
Supply Chain Attacks Quadruple as Cybercriminals Exploit Trusted Third Parties

Over the past five years, supply chain and third-party breaches have surged, with incidents increasing fourfold, according to IBM’s X-Force Threat Intelligence Index 2026. Attackers are shifting tactics, bypassing direct defenses by targeting interconnected systems (vendors, open-source dependencies, CI/CD pipelines, and cloud interfaces) to gain indirect access to customer environments. Recent attacks on platforms like Salesloft and Drift, where compromised OAuth tokens enabled access to Salesforce environments, highlight how breaches of trusted partners can cascade across organizations.

The report reveals a 44% year-over-year rise in public-facing application exploits, driven by vulnerabilities, misconfigurations, and supply chain attacks on development ecosystems. Despite advancements in AI-driven security tools, 56% of the nearly 40,000 tracked vulnerabilities in 2025 required no authentication to exploit, underscoring persistent gaps in basic cybersecurity hygiene. Experts attribute these failures to inconsistent implementation of foundational controls at scale.

North America became the most targeted region in 2025, accounting for 29% of X-Force incident response cases, up from 24% in 2024, while Asia Pacific’s share dropped from 34% to 27%. The shift reflects North America’s central role in global supply chains, where a single compromise can provide downstream access to multiple partners. Meanwhile, stronger identity controls and network segmentation in parts of Asia Pacific appear to be raising the cost of attacks, pushing adversaries toward easier targets.

AI-driven tools are creating new attack surfaces, with over 300,000 ChatGPT credentials found for sale on the dark web in 2025. Open-source AI agent platforms like OpenClaw have emerged as security risks, as their data access requirements introduce insider threat-like vulnerabilities. Infostealer malware targeting AI chatbot credentials is an escalating concern, with attackers leveraging AI-assisted phishing to harvest credentials at scale.

To mitigate risks, experts emphasize parallel priorities: rapid patching of unauthenticated flaws to reduce initial access risks, and identity hardening, including phishing-resistant MFA, least-privilege access, and continuous authentication monitoring, to limit lateral movement. Organizations face a strategic choice: vertically integrate supply chains to control every component or accept ecosystem complexity and focus on detection and response. However, solutions like transparency remain limited, as many organizations lack the expertise to act on visibility alone.

The report concludes that while sophisticated threats exist, most breaches stem from preventable gaps: valid credentials, unpatched vulnerabilities, and poor asset management. As one analyst noted, attackers “don’t need zero-days; they just need valid credentials and patience.” The trend underscores that cybersecurity hygiene remains the first line of defense, even in an era of AI-driven threats.
INCIDENT DETAILS -
TYPE
- Supply Chain Attack
- Third-Party Breach
MOTIVATION
- Financial gain
- Data exfiltration
- Credential harvesting
IMPACT
- OAuth tokens
- Credentials (e.g., ChatGPT credentials)
- Customer environments data
- Salesforce environments
- Third-party platforms (e.g., Salesloft, Drift)
- AI agent platforms (e.g., OpenClaw)
- CI/CD pipelines
- Cloud interfaces
- Cascading breaches across interconnected organizations
- Lateral movement within compromised environments
- High (due to compromised credentials and PII)
DATA BREACH
- OAuth tokens
- Credentials
- Customer environment data
- Over 300,000 ChatGPT credentials found on dark web
- High (credentials, PII, access tokens)
- Yes (data sold on dark web)
- Credentials
- Potentially PII from compromised environments
JUNE 2024
705 Before Incident
Ransomware
16 Jun 2024, Salesloft
Salesloft

Scattered Lapsus$ Hunters Launches Extortionware Portal Targeting Salesforce Data via OAuth Token Theft

595 After Incident
CRITICAL -110
SAL5092150100725
Salesloft, a sales engagement platform leveraging AI chatbots (Drift) and deep Salesforce integrations, suffered a large-scale breach orchestrated by the Scattered Lapsus$ Hunters group. The attack began in late 2024 via voice phishing (vishing), tricking employees into installing malicious Salesforce integrations, granting API-level access to corporate data. By mid-2025, attackers compromised Salesloft’s GitHub repository, extracting credentials and AWS OAuth tokens used by clients for third-party integrations. These tokens enabled lateral movement across systems, culminating in mass data exfiltration from Salesloft Drift customers by August 2025. On October 3, 2025, the group launched a Tor-based extortion portal, publicly listing victims and stolen data volumes, demanding ransom payments by October 10 to prevent leaks. The breach exposed sensitive CRM data—customer leads, deal details, and operational intelligence—via abused integrations and token theft. While Salesforce’s core platform remained unbreached, the attack exploited integration vulnerabilities and poor credential hygiene, highlighting risks in SaaS ecosystems. The incident underscores the shift toward ransomware-as-a-service (RaaS), with the group monetizing stolen data through extortion rather than encryption.
INCIDENT DETAILS -
TYPE
- Data Breach
- Extortion
- Unauthorized Access
- Social Engineering
- OAuth Token Abuse
- Ransomware-as-a-Service (RaaS)
MOTIVATION
- Financial Gain (Extortion/Ransom)
- Data Theft for Resale
- Reputation Damage
- RaaS Monetization
IMPACT
- Customer Leads
- Deal Details
- Confidential Operational Information
- OAuth Tokens
- Third-Party Integration Data
- Salesforce Environments
- Salesloft (Sales Engagement Platform)
- Drift AI Chatbot
- GitHub Repositories
- AWS Cloud Environments
- Unauthorized Data Exfiltration
- Potential Business Disruption
- Loss of Customer Trust
- Regulatory Scrutiny
Brand Reputation Impact: High (Public Extortion Portal, High-Profile Victims)
Identity Theft Risk: Moderate (PII in CRM Data)
DATA BREACH
- CRM Data (Customer Leads, Deal Details)
- OAuth Tokens
- Credentials/Access Keys
- Operational Confidential Information
Sensitivity Of Data: High (Business-Critical CRM Data, Authentication Tokens)
Data Exfiltration: Yes (Mass Data Extraction via OAuth Tokens)
Personally Identifiable Information: Likely (Customer Data in CRM)
MARCH 2024
761 Before Incident
Breach
01 Mar 2024, Salesloft
Salesloft

Salesloft GitHub Account Breach Leading to Supply Chain Attack on Major Tech Customers

701 After Incident
CRITICAL -60
SAL2792527090825
Salesloft suffered a breach in March 2024 when hackers (linked to UNC6395/ShinyHunters) compromised its GitHub account, conducting reconnaissance for three months before stealing authentication tokens (including OAuth tokens for Drift’s AI/chatbot platform). These tokens were then used in a supply-chain attack, granting access to Salesloft’s AWS environment and customer systems (e.g., Bugcrowd, Cloudflare, Google, Palo Alto Networks, Proofpoint, Tenable). The attackers targeted Salesforce instances, exfiltrating sensitive data from support tickets, including AWS access keys, passwords, and Snowflake-related tokens. The breach enabled credential theft for extortion, with victims contacted privately. Salesloft took six months to detect the intrusion, raising concerns about its security posture. While the incident is now contained, the attack exposed customer integration ecosystems, risking downstream breaches across high-profile tech firms. The hackers’ focus on credential harvesting suggests potential for further exploitation of compromised systems.
INCIDENT DETAILS -
TYPE
- Supply Chain Attack
- Credential Theft
- Unauthorized Access
- Data Breach
MOTIVATION
- Credential Theft
- Extortion
- Data Exfiltration
IMPACT
- Authentication Tokens (OAuth)
- AWS Access Keys
- Passwords
- Snowflake-Related Tokens
- Support Ticket Data (via Salesforce)
- Salesloft GitHub Account
- Salesloft AWS Cloud Environment
- Drift’s AI/Chatbot Platform
- Customer Salesforce Instances (e.g., Bugcrowd, Cloudflare, Google, Proofpoint, Palo Alto Networks, Tenable)
- Disruption of Salesloft-Salesforce Integration (temporarily)
- Customer System Compromises
- Potential Loss of Trust Among High-Profile Customers
- Negative Media Coverage
- High (due to stolen credentials)
DATA BREACH
- Authentication Tokens (OAuth)
- AWS Access Keys
- Passwords
- Snowflake Access Tokens
- Support Ticket Data
Sensitivity Of Data: High (credentials, access tokens, potentially PII in support tickets)
Data Exfiltration: Yes
Personally Identifiable Information: Potentially (via support tickets)
