Salesloft Drift AI Breach Expands: Hundreds of Organizations Impacted, Including Google Workspace

Google warns that mass data theft hitting Salesloft AI agent has grown bigger

Google is advising users of the Salesloft Drift AI chat agent to consider all security tokens connected to the platform compromised following the discovery that unknown attackers used some of the credentials to access email from Google Workspace accounts. In response, Google has revoked the tokens that were used in the breaches and disabled integration between the Salesloft Drift agent and all Workspace accounts as it investigates further. The company has also notified all affected account holders of the compromise. Scope expanded The discovery, reported Thursday in an advisory update, indicates that a Salesloft Drift breach it reported on Tuesday is broader than previously known. Prior to the update, members of the Google Threat Intelligence Group said the compromised tokens were limited to Salesloft Drift integrations with Salesforce. The compromise of the Workspace accounts prompted Google to change that assessment. "Based on new information identified by GTIG, the scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations," Thursday's update stated. "We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised." On Thursday, Salesloft's security guidance page made no reference to the new information and instead continued to indicate that the breach affected only Drift integrations with Salesforce. Company representatives didn't immediately respond to an email seeking confirmation of the Google finding. Salesloft Drift is an AI-powered chat agent that allows websites to provide real-time, human-like interactions with potential customers. Salesloft acquired the Drift platform 18 months ago. To streamline the sales process, Drift can integrate into a variety of other services, including with Salesforce (no relation to Salesloft) and other customer relationship management platforms, Slack, Google Workspace, and others. Google on Tuesday said that an attack group it tracks as UNC6395 had engaged in a mass data-theft campaign that used compromised Drift OAuth tokens to gain access to Salesforce instances. Once inside, the attackers accessed sensitive data stored in the Salesforce accounts and searched them for credentials that could be used to access accounts on services such as AWS and Snowflake. The theft spree began no later than August 8 and lasted through at least August 18. In response to the discovery, Salesforce disabled Drift integrations with its main cloud service as well as its Slack and Pardot platforms. Google's Thursday update means that the incident likely hasn't been fully contained. "We recommend organizations take immediate action to review all third-party integrations connected to their Drift instance, revoke and rotate credentials for those applications, and investigate all connected systems for signs of unauthorized access," the update stated. It went on to say that Salesloft has now retained the Google-owned Mandiant incident response service to investigate the breach.

Attacks on Salesloft AI Chatbot Claim Another Victim: Cloudflare

Cloudflare Inc. is warning users of its technology to beef up their security after a hacker accessed the internet infrastructure company's customer support data. "Any information that a customer may have shared with Cloudflare in our support system -- including logs, tokens or passwords -- should be considered compromised, and we strongly urge you to rotate any credentials that you may have shared with us through this channel," Cloudflare wrote in a blog post on Tuesday. Cloudflare learned last week that it was impacted by the mass theft of Salesforce data through a breach of Salesloft Inc.'s Drift, a customer service chatbot. Drift integrates with Salesforce to automate customer service interactions. As a result, "someone outside Cloudflare" got access to its Salesforce systems for customer support and internal case management, the company said. Most of the information comprises customer contact information and basic IT support data. But some of it included access tokens used for user authorization or information about a customer's IT configuration, according to the post.

Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks

Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks. Salesloft's SalesDrift is a third-party platform that connects the Drift AI chat agent with a Salesforce instance, allowing organizations to sync conversations, leads, and support cases into their CRM. According to Salesloft, threat actors obtained Drift OAuth and refresh tokens used for its Salesforce integration, and used them to conduct a Salesforce data theft campaign between August 8 and August 18, 2025. "Initial findings have shown that the actor's primary objective was to steal credentials, specifically focusing on sensitive information like AWS access keys, passwords, and Snowflake-related access tokens," reads a Salesloft advisory. "We have determined that this incident did not impact customers who do not use our Drift-Salesforce integration. Based on our ongoing investigation, we do not see evidence of ongoing malicious activity related to this incident." In coordination with Salesforce, Salesloft revoked all active access and refresh tokens for the Drift application, requiring customers to re-authenticate with their Salesforce instances. To reauthenticate, admins should go to Settings > Integrations > Salesforce, disconnect the integration, and then reconnect with valid Salesforce credentials. Google's Threat Intelligence team (Mandiant) is tracking the threat actor as UNC6395 and states that once they gained access to a Salesforce instance, they issued SOQL queries to extract case authentication tokens, passwords, and secrets from support cases, allowing them to breach further platforms. "GTIG observed UNC6395 targeting sensitive credentials such as Amazon Web Services (AWS) access keys (AKIA), passwords, and Snowflake-related access tokens," reports Google. "UNC6395 demonstrated operational security awareness by deleting query jobs, however logs were not impacted and organizations should still review relevant logs for evidence of data exposure." To hide their infrastructure, the attackers used Tor, as well as hosting providers such as AWS and DigitalOcean. User-Agent strings associated with the data theft attacks include 'python-requests/2.32.4', 'Python/3.11 aiohttp/3.12.15', and for custom tools using 'Salesforce-Multi-Org-Fetcher/1.0' and 'Salesforce-CLI/1.0' Google has provided a list of IP addresses and user agents in its report to help administrators search Salesforce logs and determine if they were impacted by the attacks. Admins of affected environments are advised to rotate credentials and then search Salesforce objects for additional secrets that may have been stolen. These include: While Google is tracking this activity under a new classifier, UNC6395, the ShinyHunters extortion group told BleepingComputer they are behind this activity. When contacted, a representative for the group told BleepingComputer, "No wonder things suddenly stopped working yesterday." The theft of Salesloft tokens is part of a larger wave of Salesforce data breaches linked to the ShinyHunters group, who also claim to overlap with threat actors classified as Scattered Spider. "Like we have said repeatedly already, ShinyHunters and Scattered Spider are one and the same," ShinyHunters told BleepingComputer. "They provide us with initial access and we conduct the dump and exfiltration of the Salesforce CRM instances. Just like we did with Snowflake." Since the beginning of the year, the threat actors have been conducting social engineering attacks to breach Salesforce instances and download data. During these attacks, threat actors conduct voice phishing (vishing) to trick employees into linking a malicious OAuth app with their company's Salesforce instances. Once linked, the threat actors used the connection to download and steal the databases, which were then used to extort the company through email. Since Google first reported the attacks in June, numerous data breaches have been tied to the social engineering attacks, including Google itself, Cisco, Farmers Insurance, Workday, Adidas, Qantas, Allianz Life, and the LVMH subsidiaries Louis Vuitton, Dior, and Tiffany & Co. With these additional attacks, the threat actors have expanded their tactics to not only extort companies but to use stolen data to also breach downstream customers' cloud services and infrastructure.

Google warns Salesloft breach impacted some Workspace accounts

Google now reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to access a small number of Google Workspace email accounts in addition to stealing data from Salesforce instances. "Based on new information identified by GTIG, the scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations,' warns Google. "We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised." The campaign, tracked by Google Threat Intelligence (Mandiant) as UNC6395, was first disclosed on August 26 after attackers stole OAuth tokens for Salesloft's Drift AI chat integration with Salesforce. The threat actors used these tokens to gain access to customer Salesforce instances, where they executed queries against Salesforce objects, including the Cases, Accounts, Users, and Opportunities tables. This data allowed the attackers to scan customer support tickets and messages for sensitive information, such as AWS access keys, Snowflake tokens, and passwords that could be used to breach further cloud accounts, likely for future extortion. In an update published today, Google confirmed that the compromise was more significant than initially believed and not limited to Salesforce integrations. The investigation revealed that OAuth tokens for the "Drift Email" integration were also compromised, and on August 9, the threat actors utilized them to access the email of a "very small number" of Google Workspace accounts that were directly integrated with Drift. Google emphasized that no other accounts in those domains were impacted and that there has been no compromise of Google Workspace or Alphabet itself. The stolen tokens have since been revoked, and customers have been notified. Google also disabled the integration between Salesloft Drift Email and Google Workspace while they investigate the breach. Google is now urging all organizations using Drift to treat every authentication token stored in or connected to the platform as compromised. This warning advises customers to revoke and rotate credentials for those applications and investigate all connected systems for signs of unauthorized access. The company also recommends reviewing all third-party integrations associated with Drift instances, searching for exposed secrets, and resetting any found credentials in case they have been compromised. Salesloft also updated its advisory on August 28, stating that Salesforce has disabled Drift integrations with Salesforce, Slack, and Pardot until an investigation is completed. The company has now engaged Mandiant and Coalition to assist with this investigation.

Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations

Salesloft on Tuesday announced that it's taking Drift temporarily offline "in the very near future," as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the marketing software-as-a-service product, resulting in the mass theft of authentication tokens. "This will provide the fastest path forward to comprehensively review the application and build additional resiliency and security in the system to return the application to full functionality," the company said. "As a result, the Drift chatbot on customer websites will not be available, and Drift will not be accessible." The company said its top priority is to ensure the integrity and security of its systems and customers' data, and that it's working with cybersecurity partners, Mandiant and Coalition, as part of its incident response efforts. The development comes after Google Threat Intelligence Group (GTIG) and Mandiant disclosed what it said was a widespread data theft campaign that has leveraged stolen OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent to breach customers' Salesforce instances. "Beginning as early as August 8, 2025, through at least August 18, 2025, the actor targeted Salesforce customer instances through compromised OAuth tokens associated with the Salesloft Drift third-party application," the company said last week. The activity has been attributed to a threat cluster dubbed UNC6395 (aka GRUB1), with Google telling The Hacker News that more than 700 organizations may have been potentially impacted. While it was initially claimed that the exposure was limited to Salesloft's integration with Salesforce, it has since emerged that any platform integrated with Drift is potentially compromised. Exactly how the threat actors gained initial access to Salesloft Drift remains unknown at this stage. The incident has also prompted Salesforce to temporarily disable all Salesloft integrations with Salesforce as a precautionary measure. Some of the businesses that have confirmed being impacted by the breach are as follows - * Cloudflare * Google Workspace * PagerDuty * Palo Alto Networks * SpyCloud * Tanium * Zscaler "We believe this incident was not an isolated event but that the threat actor intended to harvest credentials and customer information for future attacks," Cloudflare said. "Given that hundreds of organizations were affected through this Drift compromise, we suspect the threat actor will use this information to launch targeted attacks against customers across the affected organizations."

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group and Mandiant, tracked as UNC6395. "Beginning as early as August 8, 2025, through at least August 18, 2025, the actor targeted Salesforce customer instances through compromised OAuth tokens associated with the Salesloft Drift third-party application," researchers Austin Larsen, Matt Lin, Tyler McLellan, and Omar ElAhdan said. In these attacks, the threat actors have been observed exporting large volumes of data from numerous corporate Salesforce instances, with the likely aim of harvesting credentials that could be then used to compromise victim environments. These include Amazon Web Services (AWS) access keys (AKIA), passwords, and Snowflake-related access tokens. UNC6395 has also demonstrated operational security awareness by deleting query jobs, although Google is urging organizations to review relevant logs for evidence of data exposure, alongside revoking API keys, rotating credentials, and performing further investigation to determine the extent of compromise. Salesloft, in an advisory issued August 20, 2025, said it identified a security issue in the Drift application and that it has proactively revoked connections between Drift and Salesforce. The incident does not affect customers who do not integrate with Salesforce. "A threat actor used OAuth credentials to exfiltrate data from our customers' Salesforce instances," Salesloft said. "The threat actor executed queries to retrieve information associated with various Salesforce objects, including Cases, Accounts, Users, and Opportunities." The company is also recommending that administrators re-authenticate their Salesforce connection to re-enable the integration. The exact scale of the activity is not known. However, Salesloft said it has notified all affected parties. In a statement Tuesday, Salesforce said a "small number of customers" were impacted, stating the issue stems from a "compromise of the app's connection." "Upon detecting the activity, Salesloft, in collaboration with Salesforce, invalidated active Access and Refresh Tokens, and removed Drift from AppExchange. We then notified affected customers," Salesforce added. The development comes as Salesforce instances have become an active target for financially motivated threat groups like UNC6040 and UNC6240 (aka ShinyHunters), the latter of which has since joined hands with Scattered Spider (aka UNC3944) to secure initial access. "What's most noteworthy about the UNC6395 attacks is both the scale and the discipline," Cory Michal, CSO of AppOmni, said. "This wasn't a one-off compromise; hundreds of Salesforce tenants of specific organizations of interest were targeted using stolen OAuth tokens, and the attacker methodically queried and exported data across many environments." "They demonstrated a high level of operational discipline, running structured queries, searching specifically for credentials, and even attempting to cover their tracks by deleting jobs. The combination of scale, focus, and tradecraft makes this campaign stand out." Michal also pointed out that many of the targeted and compromised organizations were themselves security and technology companies, indicating that the campaign may be an "opening move" as part of a broader supply chain attack strategy. "By first infiltrating vendors and service providers, the attackers put themselves in position to pivot into downstream customers and partners," Michal added. "That makes this not just an isolated SaaS compromise, but potentially the foundation for a much larger campaign aimed at exploiting the trust relationships that exist across the technology supply chain."

Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks

Revenue workflow platform Salesloft suffered a cyberattack which saw threat actors break in through a third-party and steal sensitive information. The company is using Drift, a conversational marketing and sales platform that uses live chat, chatbots, and AI, to engage visitors in real time, alongside its own SalesDrift, a third-party platform which links Drift's AI chat functionality to Salesforce, syncing conversations, leads, and cases, into the CRM via the Salesloft ecosystem. Starting around August 8, and lasting for about ten days, adversaries managed to steal OAuth and refresh tokens from SalesDrift, pivoting to customer environments, and successfully exfiltrating sensitive data. "Initial findings have shown that the actor's primary objective was to steal credentials, specifically focusing on sensitive information like AWS access keys, passwords, and Snowflake-related access tokens," Salesloft said in an advisory. "We have determined that this incident did not impact customers who do not use our Drift-Salesforce integration. Based on our ongoing investigation, we do not see evidence of ongoing malicious activity related to this incident." In its write-up, Google's Threat Intelligence Group (GTIG) said the attack was conducted by a threat actor known as UNC6395. "After the data was exfiltrated, the actor searched through the data to look for secrets that could be potentially used to compromise victim environments," the researchers said. "GTIG observed UNC6395 targeting sensitive credentials such as Amazon Web Services (AWS) access keys (AKIA), passwords, and Snowflake-related access tokens. UNC6395 demonstrated operational security awareness by deleting query jobs, however logs were not impacted and organizations should still review relevant logs for evidence of data exposure." Google seems to believe this is a unique threat actor, which is why it gave it a unique moniker UNC6395. However, hackers known as ShinyHunters told BleepingComputer the attack was actually their doing - although Google begs to differ, telling the site, "We've not seen any compelling evidence connecting them at this time."

Google warns Salesloft attack may have compromised Workspace accounts and Salesforce instances

Google disabled integrations and warned victims, in response The Salesloft cyberattack that happened earlier this week may have also compromised certain Google Workspace accounts, as well as Salesforce instances. This is according to Google's Threat Intelligence Group (GTIG), who published an updated report to warn about the worrying discovery. On Wednesday, news broke that revenue platform Salesloft fell victim to a third-party cyberattack in which sensitive information was stolen. The company is using Drift, a conversational marketing and sales platform that uses live chat, chatbots, and AI, to engage visitors in real time. Alongside it is SalesDrift, a third-party platform which links Drift's AI chat functionality to Salesforce, syncing conversations, leads, and cases, into the CRM via the Salesloft ecosystem. Starting around August 8, and lasting for about ten days, adversaries managed to steal OAuth and refresh tokens from SalesDrift, pivoting to customer environments, and successfully exfiltrating sensitive data. Now, Google's update says the scope of the compromise impacted more than the Salesforce integration: "We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised," the update reads. TGIG said that the attackers compromised OAuth tokens for the "Drift Email" integration, and used them to access a "very small number" of Google Workspace accounts. Apparently, only the accounts that were configured to integrate with Salesloft were compromised. In response, Google revoked the tokens, disabled the integration functionality, and notified potentially impacted users. "We are notifying all impacted Google Workspace administrators. To be clear, there has been no compromise of Google Workspace or Alphabet itself." Google also recommended organizations immediately review all third-party integrations connected to their Drift instance, revoke and rotate all credentials, and monitor all connected systems for signs of unauthorized access. The researchers believe the attack was done by a group tracked as UNC6395, although ShinyHunters claimed it was their doing.

Breach of Salesloft Drift integration exposes data at Cloudflare, Zscaler and Palo Alto Networks - SiliconANGLE

Breach of Salesloft Drift integration exposes data at Cloudflare, Zscaler and Palo Alto Networks Cloudflare Inc., Zscaler Inc. and Palo Alto Networks Inc. have become the latest companies to be affected by the Salesloft breach, a widespread Salesforce Inc.-related security incident that has been ensnaring more and more companies. The breach originated in early to mid‑August 2025, when attackers exploited a vulnerability in Salesloft's Drift AI chat integration with Salesforce, specifically harvesting OAuth and refresh tokens to access customer relationship management data. Google's Threat Intelligence Group, tracking the threat actor as UNC6395, reports the attacks spanned roughly August 8 to August 18 and targeted numerous Salesforce instances. As noted on Aug. 27, Salesloft provides a popular cloud platform that companies use to manage their sales efforts. The software stores data about deal opportunities, tracks the performance of customer acquisition initiatives and performs related tasks. The breach affected a component of the platform called Drift, a chatbot that can field questions from potential customers who visit a company's website, as well as estimate the likelihood that they will make a purchase. Threat actors exfiltrated data, including Amazon Web Services Inc. access keys, Snowflake tokens, passwords, and support case data. Though Salesloft claims only customers using Drift-Salesforce integration were affected, investigators warn any platform connected to Drift should consider all tokens compromised and revoke them immediately. Cloudflare has confirmed it was affected after being notified on Aug. 23 and has publicly disclosed how it was affected. The breach hit Cloudflare between Aug. 12 and Aug. 17, with the attackers accessing its Salesforce tenant and exfiltrated "case objects," which include customer support tickets, subject lines, correspondence and contact info. Cloudflare found 104 application programming interface tokens in the compromised data, none of which showed misuse, but they were all rotated as a precaution. Zscaler was able to swiftly identify that its Salesforce data was accessed via the compromised Drift tokens, with the company saying access was limited to business contact info, including names, job titles, email addresses, phone numbers, regional details and licensing and commercial information, along with plain-text support case content. The company has revoked the Drift integration, rotated API tokens and initiated a third-party risk investigation while enhancing customer authentication for support channels. Palo Alto Networks likewise confirmed that the breach was contained to its Salesforce CRM installation. The exfiltrated data included business contact information and internal case details, but in some cases, sensitive info, such as credentials, may have been disclosed if included in support case text. The company says none of its products, systems, or services were compromised and that it is notifying impacted customers. Discussing the news, Cory Michal, software-as-a-service security expert and chief strategy officer at SaaS application security company AppOmni Inc., told SiliconANGLE via email that the breaches of Zscaler and Palo Alto Networks "are particularly concerning because they raise the stakes well beyond typical SaaS compromises, especially where support tickets are involved, since they may contain sensitive materials such as API keys, credentials and archive files." "For security companies, which often have privileged access and visibility into client environments, exposure of this data could create opportunities for downstream breaches, supply chain attacks and erosion of trust in the very vendors responsible for defending enterprises," Michal added.

Google Warns of OAuth Attack on Salesforce Users

Google's Threat Intelligence Group (GTIG) issued an advisory on August 26 about a widespread data theft campaign targeting Salesforce customers that ran from August 8 to August 18. A rogue actor, identified as UNC6395, carried out this data theft by using compromised OAuth tokens linked to the Salesloft Drift third-party application. For context, an OAuth token is a digital key that grants a third-party app (Salesloft Drift in this case) access to a user's data and/or resources on another platform without requiring passwords. Meanwhile, Salesloft Drift is an AI-powered chat agent that interacts with customers through "real-time personalised conversations," aiming to deliver "a better buyer experience and more qualified leads." The GTIG advisory says that UNC6395 exported large volumes of data from multiple corporate Salesforce customer instances, with the apparent intention of gaining unauthorised access to users' credentials. To explain, a customer instance refers to a unique and isolated environment of a software product or service that a particular customer uses, often in the context of cloud computing. Each customer instance is separate, which prevents interference with other users and provides data privacy and security. As per the GTIG advisory, the rogue actor targeted sensitive user credentials such as Amazon Web Services (AWS) access keys, and passwords, among other information. UNC6395 also deleted the history of the query jobs they ran. However, this did not impact the larger database of activity logs. As such, Google said that affected organisations "should still review relevant logs for evidence of data exposure." Salesloft became aware of the data theft on August 20, revoked all connections linked to Salesforce, and asked "Drift admins to re-authenticate their Salesforce connection." Notably, the third-party AI chat agent informed all users that the data theft would not impact Drift customers who have not integrated with Salesforce. "We are continuing to investigate and will provide more information as it becomes available. We apologize for any disruption this incident may have caused and appreciate your patience," read the Salesloft website. The rogue actor UNC6395 used compromised OAuth tokens connected to the Salesloft Drift third-party app to execute this data theft. And one must remember that Drift is, after all, an AI agent whose task is to interact with customers. Notably, MediaNama reported in September 2024 that Salesforce was developing its own independent AI agents capable of functioning without human supervision. These agents were expected to increase productivity at Salesforce during busy periods without the need to onboard additional workers. However, in the latest instance, one can see that the Salesloft Drift AI agent became the means by which UNC6395 successfully performed the data theft. This raises several pertinent doubts about customer-facing AI chat agents and the cybersecurity risks they pose, in addition to concerns about the privacy rights of customers, rights that are undermined when malicious actors are able to exploit AI chat agents.