Major Data Breach at Salesloft and Drift: What You Need to Know and How to Protect Your Data
A significant security incident has impacted two of the most widely used platforms in the sales and marketing technology space: Salesloft and Drift. An investigation has revealed that an unauthorized third party gained access to certain customer data, prompting immediate action from both companies to secure their systems and notify affected users.
This breach serves as a critical reminder of the interconnected nature of modern digital tools and the importance of vigilant security practices. Here’s a detailed breakdown of the incident, the data involved, and the essential steps you should take to protect your accounts.
What Happened? Unpacking the Security Breach
The investigation concluded that an unauthorized actor gained access to production environments containing customer data. The initial point of entry appears to be linked to the compromise of a third-party vendor or service used by both companies, highlighting the persistent threat of supply chain vulnerabilities in the tech industry.
Upon discovering the unauthorized activity, both Salesloft and Drift launched comprehensive investigations, engaged leading third-party cybersecurity firms, and notified law enforcement agencies. The primary goal was to understand the scope of the breach, expel the threat actor, and implement enhanced security measures to prevent future incidents.
What Types of Data Were Exposed?
While the specifics can vary by user, the investigation identified that the compromised data included sensitive information critical to business operations. It’s crucial for all users to assume their data may have been part of this breach and act accordingly.
The exposed data includes:
- Customer Contact Information: Full names, business email addresses, and phone numbers. This information is often used in highly targeted phishing campaigns.
- Hashed and Salted Passwords: While not in plain text, passwords protected with hashing and salting can still be vulnerable to sophisticated cracking techniques over time.
- API Keys and Integration Tokens: This is one of the most critical aspects of the breach. Exposed API keys could allow unauthorized access to connected platforms, such as your CRM (e.g., Salesforce), email marketing tools, and other integrated applications.
The investigation confirmed that financial information, such as credit card numbers, was not compromised in this incident.
Protecting Your Account: 5 Crucial Steps to Take Immediately
If you are a user of Salesloft or Drift, taking immediate, proactive steps is essential to secure your data and mitigate potential risks. Follow this security checklist now.
1. Change Your Password Immediately
Your first priority should be to change your password on both platforms. Do not reuse an old password. Create a long, complex, and unique password using a combination of upper and lower-case letters, numbers, and symbols. A password manager is highly recommended for creating and storing strong credentials.
2. Enable Multi-Factor Authentication (MFA)
Multi-factor authentication adds a critical layer of security that makes it significantly harder for unauthorized users to access your account, even if they have your password. If you haven’t already, enable MFA on your Salesloft and Drift accounts without delay. This is one of the single most effective security measures you can implement.
3. Rotate All API Keys and Integration Tokens
This step is non-negotiable. Exposed API keys are like handing over the keys to your entire tech stack. Log in to your accounts and navigate to the API settings or integrations section. Revoke all existing API keys and generate new ones. You will then need to update these new keys in all of your connected applications to ensure they continue to function correctly.
4. Review User Permissions and Account Access
Conduct a thorough audit of who has access to your company’s Salesloft and Drift accounts. Remove any former employees or users who no longer require access. Ensure that current users have the appropriate level of permissions based on the principle of least privilege, meaning they should only have access to the data and features necessary for their role.
5. Stay Vigilant Against Phishing Attacks
Cybercriminals will likely use the stolen contact information to launch sophisticated phishing and social engineering attacks. Be extra cautious of unsolicited emails or messages asking you to click links, download attachments, or provide sensitive information. Legitimate companies will never ask for your password via email. Scrutinize sender addresses and be wary of any communication that creates a false sense of urgency.
The Broader Lesson: Vendor Security is Your Security
This incident underscores a fundamental truth in today’s digital ecosystem: the security of your business is heavily dependent on the security of your vendors. When you entrust a third-party platform with your data, you are also trusting their security protocols.
Businesses should regularly vet their vendors, ask critical questions about their security practices, and have a clear incident response plan in place. While breaches are becoming increasingly common, a swift and proactive response can make all the difference in protecting your assets and maintaining trust with your customers.
Source: https://www.helpnetsecurity.com/2025/09/08/salesloft-drift-data-breach-investigation-results/
