Salesloft Data Breach Exposes Sensitive Business Data of Google, Zscaler, and More

Salesloft's data breach has compromised sensitive information of multiple companies. Swift action is needed to secure affected data and prevent further damage.

Salesforce, a leading customer relationship management (CRM) platform, experienced a significant data breach in August 2025 that impacted several prominent companies. The breach, carried out through Salesforce integrations using Salesforce Drift OAuth tokens, exposed sensitive business data.

The incident has affected several companies under contract with Salesforce, including Google, Proofpoint, Tenable, CyberArk, Zscaler, Cloudflare, and Palo Alto Networks. Exposed information ranges from business contact details and product licensing information to certain support case content. Salesforce has warned that hackers exploited OAuth credentials in the Drift app to steal Salesforce data.

Zscaler, one of the affected companies, has taken swift action by revoking Drift's Salesforce access, rotating API tokens, and implementing additional safeguards. Google, meanwhile, has disclosed that the breach affects all Salesforce Drift integrations, not just Salesforce. In a joint announcement with Mandiant, Google revealed a large-scale data theft campaign targeting Salesforce to steal OAuth and refresh tokens. The threat actor, identified as UNC6395, systematically exported large volumes of data from numerous corporate Salesforce instances. The breach exposed Salesforce data, including customer information and support case details, impacting multiple Salesforce customers, including Zscaler.

Attackers, having gained access to Salesforce Drift credentials, also used stolen OAuth tokens to access some Google Workspace emails via the Drift Email integration.

The Salesforce Drift OAuth breach has resulted in a significant data exposure, affecting multiple companies and their customers. Zscaler has experienced a data breach linked to this incident. Companies are urged to review their Salesforce integrations and consider rotating API tokens and implementing additional security measures to protect sensitive data.
