We were notified of a security incident involving a third-party application that potentially resulted in unauthorized access to data from Salesforce, our customer relationship management system.
As reported by Google’s security team, an actor allegedly targeted Salesforce customer instances through compromised authentication tokens (OAuth) associated with the Salesloft Drift application. Drift was acquired by Salesloft in 2024. SpyCloud was previously a customer of Salesloft & Drift.
No SpyCloud darknet data was accessed through this Salesloft Drift incident. We are currently assessing the scope of impact as it may relate to our Salesforce instance, and are in the process of notifying affected entities.
We continue to investigate the situation with Salesforce and Salesloft.
Additional information about the incident is available via:
Published: 3:05pm CT – August 27, 2025