At Salesforce, we understand that the confidentiality, integrity, and availability of your data are vital to your business. We want to inform our customers about a security incident involving the Drift app, published by Salesloft, that was installed by individual customers from AppExchange.
Salesforce security teams detected unusual activity that may have resulted in unauthorized access to a small number of customers' org data via the Drift app's connection to Salesforce. This issue did not stem from a vulnerability within the core Salesforce platform, but rather from a compromise of the Drift app's connection credentials.
Upon detecting the activity, Salesloft (in collaboration with Salesforce) invalidated active Access and Refresh Tokens and removed Drift from AppExchange. On August 28, 2025 at 04:09 AM UTC, Salesforce disabled the connection between the Drift application and Salesforce.
Update 1 — Thursday, August 28, 2025 at 7:23 PM UTC: Salesforce disabled all integrations between Salesforce and all Salesloft technologies, including the Drift app. Organizations are not able to connect to Salesforce via any Salesloft apps until further notice.
Update 2 — Sunday, September 7, 2025 at 5:30 PM UTC: Salesforce has re-enabled integrations with Salesloft technologies, with the exception of the Drift app. Drift will remain disabled until further notice, following security measures and remediation steps implemented by Salesloft and independently validated by Mandiant.
For Salesloft's latest investigation and remediation updates, see the Salesloft Trust page.
Helpful Resources
Helpful Articles
Salesforce Trust Post - Unusual Activity in a Third Party Connected App
Mandiant Blog - Widespread Data Theft Targets Salesforce Instances via Salesloft Drift
Salesforce has completed initial remediation steps in response to this security incident. As of September 7, 2025, integrations with Salesloft technologies are re-enabled — the Drift app remains the only exception and will stay disabled until further notice.
Recommended actions to protect your Salesforce org:
For Salesloft's latest investigation and remediation updates, refer to the Salesloft Trust page (see Additional Resources).
005134951
