Salesloft has acted quickly to address an ongoing data breach related to its Drift application. This breach allegedly affected 22 other companies. As you may know, the breach began when Salesloft’s GitHub account was hacked. This was followed by the remote access and reconnaissance phase between March and June 2025. In reaction, Salesloft has had the Drift infrastructure segregated to safeguard the privileged. They pulled the application offline permanently on September 5, 2025 at 6 a.m. ET.
In the course of its investigation, Salesloft learned that a threat actor had misused their GitHub account. The intruder was able to read and copy content from dozens of repositories. The actor was able to create a guest user and set workflows in the system.
“With this access, the threat actor was able to download content from multiple repositories, add a guest user, and establish workflows,” – Salesloft
Isolation and Security Measures Implemented
To prevent any additional damage from occurring, Salesloft removed the Drift application and related infrastructure in a contained manner. The cybersecurity company has addressed some of the most significant aspects of their security at risk. Today, they have rotating credentials in the Salesloft environment and more granular segmentation controls of their Salesloft and Drift applications.
Salesloft is strongly recommending that all third-party applications connected to Drift through API key proactively revoke any existing keys. This precaution is intended to help reduce any risk of exposure resulting from the breach.
“We are recommending that all third-party applications integrated with Drift via API key, proactively revoke the existing key for these applications,” – Salesloft
Impact on Salesforce Integration
As a result of the breach, Salesforce announced that it would halt integration with the Salesloft platform, starting on August 28th. Salesforce restored this integration on September 7, 2025, at 5:51 p.m. UTC, but with specific exclusions regarding the Drift application.
Salesforce last night confirmed all third-party integrations have been restored. They underscored that any connections through the Drift app remain off for now.
“Salesforce has re-enabled integrations with Salesloft technologies, with the exception of any Drift app,” – Salesforce