Newsinterpretation

Salesforce Side Door: Hackers hit Cloudflare via Drift–Salesloft link, customer data exposed

Cloudflare has confirmed that hackers managed to break into its Salesforce system and steal customer data. The company explained that this attack was part of a much larger supply chain hack that targeted hundreds of organizations worldwide.

How the Hackers Got In

The attack began when criminals found a weakness in a chatbot tool called Drift, which connects with Salesforce through another platform called Salesloft. This gave the hackers a way into Cloudflare’s Salesforce system.

Investigators found that the group behind the attack, which Cloudflare’s team named GRUB1, carried out reconnaissance starting on August 9, 2025. By August 12, they had broken into the system. Between August 12 and August 17, they explored Cloudflare’s Salesforce environment and copied data stored in support cases.

Cloudflare was officially warned about the vulnerability on August 23 by Salesforce and Salesloft. At that point, the company launched a full-scale investigation and response effort.

What Data Was Stolen

The hackers were able to reach customer support “cases” inside Salesforce. These cases usually contain customer contact details, subject lines, and the text of emails or conversations with support teams.

While Cloudflare does not normally ask customers to share private information in these tickets, the company admitted that some users may have copied sensitive data, such as passwords, API keys, or logs, into the text fields. Cloudflare warned that any such information should now be treated as compromised.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

Importantly, the hackers did not get access to attachments within the support cases. They also did not breach any of Cloudflare’s core systems or infrastructure. This means the company’s main services continued to run safely.

Cloudflare reviewed the stolen data and discovered that hackers had exposed 104 of its own API tokens. Although investigators found no sign of misuse, the company immediately rotated all tokens as a safety step. The company confirmed that every affected customer was directly notified on September 2, 2025.

Cloudflare and Other Victims Respond

As soon as Cloudflare discovered the breach, it took several emergency steps. The company shut down the compromised Drift integration, reset all credentials linked to third-party services, and carefully checked the stolen data to assess customer impact.

Cloudflare accepted responsibility for the incident, saying that it had failed customers by not securing its support system strongly enough. The company offered an apology and urged anyone who had ever shared credentials in support cases to change them immediately.

Jaguar Land Rover confirms cyber incident disrupted production and sales while systems restored

Other large companies also faced impact from the same supply chain attack, not just Cloudflare. A major cybersecurity provider confirmed hackers stole internal sales data and contact details from its CRM system.

Another cloud security company said hackers accessed customer names, contact information, and some support case details. A global tech giant also reported hackers accessed a small number of its Workspace accounts using stolen tokens.

The attack highlights how a single weak point in a third-party tool can impact many global companies at once. Cloudflare’s disclosure shows just how far the hackers managed to reach by exploiting one integration in the SaaS ecosystem.

Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.

TOP 10 TRENDING ON NEWSINTERPRETATION

Harrods Issues Urgent Warning After Customer Data Stolen in IT Breach

Personal details exposed in breach at third-party system Luxury department...

Shock in royal drama world—Dormer rejects promotion of Ferguson series, gives pay to child abuse charities

Actress Refuses Promotion and Donates Salary Actress Natalie Dormer has...

Trump plays Amelia Earhart records declassification card while Epstein scandal shadows his every move

President Donald Trump has announced that he will declassify...

London in shock—Russia-linked hackers steal personal data of 8,000 children from nursery chain

A major cyberattack has hit nurseries across London, leaving...

Bernie Sanders warns AI push by Musk Zuckerberg and Altman focuses on wealth not public benefit

Senator Bernie Sanders Criticizes Tech Giants Over AI Push Senator...

FBI uncovers ‘terrorize ICE’ note, but Joshua Jahn’s family disputes anti-ICE narrative

On September 24, 2025, Joshua Jahn, a 29-year-old from...

Leaked emails expose Epstein’s $54M legal war chest — Dershowitz, Starr, Lefkowitz among defenders

Newly obtained private emails show the support and guidance...

Hackers tied to Rhysida gang demand 3.4 million ransom after Maryland Transit Administration breach

The Maryland Transit Administration (MTA) has been hit by...

Homeland Security sparks outrage as Pokémon Company warns of legal action over viral ICE video

The Pokémon Company International has spoken out against a...

Newsom boosts Ocasio-Cortez into national spotlight with Prop 50 campaign

Rep. Alexandria Ocasio-Cortez, often known as AOC, is once...
error: Content is protected !!
Exit mobile version