The impact of the Salesloft Drift breach on Cloudflare and our customers
8 days ago
- #Cloudflare
- #Cybersecurity
- #Data Breach
- Cloudflare and its customers were affected by the Salesloft Drift breach, which led to unauthorized access to Salesforce instance data.
- Compromised data includes customer contact information, support case data, and potentially sensitive information like access tokens shared in support interactions.
- Cloudflare identified and rotated 104 API tokens found in the compromised data, with no suspicious activity detected.
- The breach was part of a sophisticated supply chain attack by threat actor GRUB1, targeting business-to-business integrations globally.
- Cloudflare's response included immediate threat containment, securing third-party ecosystems, and customer impact analysis.
- Recommendations for organizations include disconnecting Salesloft applications, rotating credentials, and enforcing least-privilege access.
- Cloudflare apologized for the breach, emphasizing the importance of scrutinizing third-party tools and sharing threat intelligence.