Cloudflare Confirms Data Breach Linked to Salesforce and Salesloft Drift
Cloudflare confirmed a data breach that exposed customer support case data through the Salesloft Drift supply chain attack, which exploited Salesforce integrations at hundreds of companies worldwide. Attackers gained access to Cloudflare’s Salesforce environment using OAuth tokens stolen from the Salesloft Drift chatbot integration, and spent nearly a week conducting reconnaissance before exfiltrating support ticket data via the Salesforce Bulk API in August 2025. The compromised data included customer contact details, support correspondence, and sensitive information such as logs, configuration details, and credentials shared during troubleshooting; Cloudflare found 104 valid API tokens, which were immediately rotated.

This incident affected numerous major companies, including Palo Alto Networks, Zscaler, PagerDuty, TransUnion (4.4 million customers), Google, Allianz Life, Farmers Insurance, and others, highlighting widespread vulnerabilities in third-party SaaS integrations. Cloudflare responded by severing the compromised integration, purging Salesloft software, and implementing stricter third-party controls. Security experts praised its transparent disclosure and accountability in handling the supply chain compromise.