Cloudflare Confirms Data Breach – Customer Data Exposed via Salesforce Attack

Cloudflare has disclosed a significant data breach affecting customer information following a sophisticated supply chain attack targeting its Salesforce integration with Salesloft Drift.

The incident, which occurred between August 12-17, 2025, resulted in the exposure of customer support case data and potentially sensitive credentials shared through support channels.

The Breach Details

The cybersecurity company became aware of suspicious activity within its Salesforce tenant last week after being notified by Salesforce and Salesloft about a broader security incident.

The attack was orchestrated by an advanced threat actor designated as GRUB1, who exploited compromised OAuth credentials from the Salesloft Drift chatbot integration to access Cloudflare’s customer support system.

The compromised data includes customer contact information, support case subject lines, and the full body of customer correspondence with Cloudflare support.

While no file attachments were accessed, the breach potentially exposed any sensitive information customers may have shared in support tickets, including API ...