Cloudflare Confirms Data Breach Linked to Salesforce and Salesloft Drift

Cloudflare confirms a Salesforce-linked data breach via Salesloft Drift, exposing customer support case data but leaving core systems unaffected.

Cloudflare has confirmed that customer support data was exposed in the Salesloft Drift supply chain attack, which abused Salesforce integrations at hundreds of companies. While its core systems and infrastructure were not affected, the breach did expose sensitive case data, highlighting the risks of third-party SaaS connections.

Cloudflare explained that attackers gained access to its Salesforce environment after exploiting stolen OAuth tokens connected to the Salesloft Drift chatbot. The integration, which lets website visitors reach Cloudflare support, was abused by a threat group, which the company has dubbed GRUB1, to steal data.

What Was Accessed

The compromised information contains Salesforce-related data, including “case objects,” which contain support tickets. These records typically have customer contact details, subject lines, and correspondence between Cloudflare and its customers.

According to Cloudflare’s blog post, no ...