Palo Alto Networks Confirms Data Breach via Compromised Salesforce Instances

Cybersecurity vendor Palo Alto Networks disclosed that its Salesforce environment was breached through a compromised Salesloft Drift integration, marking the latest in a series of supply chain attacks targeting customer relationship management platforms.

According to a statement from Palo Alto Networks, Salesloft’s Drift application—used by hundreds of organizations to streamline sales engagement—suffered an intrusion that affected its OAuth credentials between August 8 and 18, 2025.

Threat actors exploited these credentials to extract data from connected Salesforce instances, including that of Palo Alto Networks, before Salesloft revoked tokens and secured its systems.

“As soon as we learned of the event, we disconnected the vendor from our Salesforce environment and our Unit 42 security teams launched a comprehensive investigation,” the company said.

Investigators determined the compromise was isolated to the CRM platform; “no Palo Alto Networks products or services were impacted, and they remain secure and fully operational.”

The ...