
In the summer of 2025, one of the year's most consequential supply-chain attacks hit the SaaS ecosystem. The widely adopted Drift chatbot, freshly under Salesloft's stewardship, became the epicenter of large-scale credential and data theft that exposed some of the security industry's best-known vendors, including Qualys, Tenable, Proofpoint, Black Duck, and BeyondTrust, among hundreds of other organizations.
Prologue: The Perfect Prey—Third-Party Integrations
Drift isn't just a chatbot. It is woven deeply into the SaaS fabric, connecting to tools such as Salesforce, Google Workspace, and Slack through OAuth tokens that let it act on its customers' behalf. That delegated trust is what made it the ideal entry point: once the tokens were in attackers' hands, they inherited Drift's access to each customer's cloud environment.
The Anatomy of the Attack
Phase 1: Recon and Persistence (March–June 2025)
The campaign started quietly when the threat actor UNC6395 (also tracked as “GRUB1”) compromised Salesloft's GitHub repository, used that foothold to move into the Drift environment, and quietly hunted for the credentials Drift held for its customers' third-party integrations.
Phase 2: Pillage and Exfiltration (August 8–18, 2025)
In August, the attackers put the OAuth tokens harvested from Drift to use. Because each token was Drift's own, already-authorized credential for a customer's Salesforce org, the access it granted was direct and trusted, and it raised no alarms. Between August 8 and 18, UNC6395 drove Python automation against the Salesforce Bulk APIs, systematically exporting large volumes of sensitive data: contacts, support cases, credentials embedded in case text, and internal notes.
Discovery, Response, and Fallout
August 20–28, 2025: The Unraveling
Salesloft and Salesforce revoked all Drift-related tokens and removed Drift from the Salesforce AppExchange, but the scope kept widening. Google's Threat Intelligence Group found that tokens for Drift's other integrations, including Google Workspace and Slack, had also been hijacked. Drift was subsequently taken offline for remediation.
September 1–7, 2025: Vendors Respond
Victims, including Qualys, Tenable, Proofpoint, Black Duck, and BeyondTrust, disclosed the breach to their customers. Each reported that the attackers had reached Salesforce support case information, business contacts, and internal notes, but not production systems or core platforms:
- Qualys: Lead and contact details accessed, not cloud platform or sensitive data.
- Tenable: Support case metadata and some business contacts exposed, with no product impact.
- Black Duck: Contact info, names, job titles, and case content accessed; no service disruption.
- Proofpoint: Unauthorized Salesforce access, but no customer or internal platform impact.
- BeyondTrust: Salesforce records and ticket data accessed; products and internal systems safe.
All of these organizations promptly disabled the Drift integration and tightened controls on third-party apps, while forensic investigation proceeded with Mandiant.
Technical Lessons from the Breach
This attack exploited:
- Compromised OAuth tokens, the linchpin of trusted, automated SaaS integrations: a stolen token is a valid credential until it is revoked, with no user to phish and no MFA prompt to bypass.
- Overly broad permissions: Drift held far more access to customer Salesforce instances than a chatbot needs.
- Supply-chain blind spots: because the queries arrived from an authorized connected app with a valid token, they looked like normal integration traffic and slipped past most anomaly detection.
- Python automation and anti-forensics: the attackers issued efficient bulk API queries and deleted the query jobs afterwards to mask their activity, but Salesforce audit logs still recorded what happened.
No Salesforce vulnerability was involved; the breach stemmed from weak credential management at the integration vendor, excessive app permissions, and insufficient monitoring of third-party OAuth token behavior.
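The lessons above translate into detection logic a defender can run over API audit events. The script below is an added example, not code from the article or from Salesloft, Salesforce or Mandiant. It operates on a constructed, Salesforce-style log whose column names (timestamp, event_type, connected_app, user_agent, operation, sobject, rows_processed, job_id), baseline values and user agents are all assumptions for illustration; real Salesforce Event Monitoring exports use different field names and need to be mapped. It flags the three behaviors the breach exhibited: a connected app sending an unfamiliar user agent, bulk exports of sensitive objects far above the app's normal volume, and bulk jobs deleted minutes after creation. It also scans constructed case text for the kind of embedded credentials the exported records contained.

```python
"""Detection over a constructed, Salesforce-style API audit log.

Added example; not code from the article, Salesloft, Salesforce or Mandiant.
The column names, baseline values and sample data are assumptions.
"""
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed sample log (not real data). Columns are an assumption loosely
# modelled on Salesforce Event Monitoring records; map them to your own export.
SAMPLE_LOG = """\
timestamp,event_type,connected_app,user_agent,operation,sobject,rows_processed,job_id
2025-08-09T02:11:05Z,BulkApi2,Drift,python-requests/2.32.4,QUERY,Case,180000,750A
2025-08-09T02:12:40Z,BulkApi2,Drift,python-requests/2.32.4,QUERY,Contact,420000,750B
2025-08-09T02:14:02Z,BulkApi2,Drift,python-requests/2.32.4,DELETE_JOB,Case,0,750A
2025-08-09T02:14:03Z,BulkApi2,Drift,python-requests/2.32.4,DELETE_JOB,Contact,0,750B
2025-08-09T09:30:00Z,RestApi,Drift,Drift-Integration/1.0,QUERY,Lead,12,
2025-08-09T10:00:00Z,BulkApi2,DataLoader,Salesforce Data Loader/62.0,QUERY,Account,5000,750C
2025-08-10T10:00:00Z,BulkApi2,DataLoader,Salesforce Data Loader/62.0,DELETE_JOB,Account,0,750C
"""

# Per-connected-app baseline (assumed values): user agents the integration is
# known to send, and the most rows one of its queries normally touches.
BASELINE = {
    "Drift": {"user_agents": {"Drift-Integration/1.0"}, "max_rows": 1_000},
    "DataLoader": {"user_agents": {"Salesforce Data Loader/62.0"}, "max_rows": 100_000},
}
SENSITIVE_OBJECTS = {"Account", "Contact", "Case", "Opportunity", "User"}
QUICK_DELETE = timedelta(minutes=10)  # a job deleted this soon after creation is suspicious


def parse_log(text):
    """Parse the CSV log into dicts with a typed timestamp and row count."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["timestamp"] = datetime.strptime(r["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        r["rows_processed"] = int(r["rows_processed"] or 0)
    return rows


def detect(rows):
    """Apply three rules the described tradecraft would trip: a connected app
    using a user agent outside its baseline, a bulk export of a sensitive object
    far above the app's normal volume, and a bulk job deleted shortly after it
    was created (anti-forensics). Returns one finding dict per hit."""
    findings = []
    seen_agents = set()
    job_created = {}  # job_id -> timestamp of the query that created it
    for r in rows:
        app, base = r["connected_app"], BASELINE.get(r["connected_app"])
        if base is None:
            continue  # unknown app: out of scope for this example
        key = (app, r["user_agent"])
        if r["user_agent"] not in base["user_agents"] and key not in seen_agents:
            seen_agents.add(key)  # report each new agent once, not per request
            findings.append({"rule": "unexpected_user_agent", "app": app, "detail": r["user_agent"]})
        if r["operation"] == "QUERY":
            if r["job_id"]:
                job_created[r["job_id"]] = r["timestamp"]
            if r["sobject"] in SENSITIVE_OBJECTS and r["rows_processed"] > base["max_rows"]:
                findings.append({"rule": "bulk_export", "app": app,
                                 "detail": f"{r['sobject']}:{r['rows_processed']}"})
        elif r["operation"] == "DELETE_JOB" and r["job_id"] in job_created:
            age = r["timestamp"] - job_created[r["job_id"]]
            if age <= QUICK_DELETE:
                findings.append({"rule": "quick_job_delete", "app": app, "detail": r["job_id"]})
    return findings


# Secrets that support case text may contain. The AWS access key ID format is
# public (AKIA followed by 16 uppercase alphanumerics); the password rule is a
# loose heuristic. Scan your own records before an attacker does.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password_assignment": re.compile(r"(?i)\bpassword\s*[:=]\s*\S+"),
}

# Constructed case note, not real customer data (the key is AWS's documented example ID).
CASE_NOTE = "Customer pasted temp creds: AKIAIOSFODNN7EXAMPLE, password=Hunter2! - please rotate."


def find_embedded_secrets(text):
    """Return the names of the secret patterns found in the text, sorted."""
    return sorted(name for name, pat in SECRET_PATTERNS.items() if pat.search(text))


if __name__ == "__main__":
    for f in detect(parse_log(SAMPLE_LOG)):
        print(f"{f['rule']:22} {f['app']:10} {f['detail']}")
    print("secrets in case note:", find_embedded_secrets(CASE_NOTE))
```

On the constructed sample the Drift rows produce five findings (one unfamiliar user agent, two oversized exports of Case and Contact, two jobs deleted within minutes), while the DataLoader job, which is within its volume baseline and deleted a day later, produces none. The point of the per-app baseline is that a valid token from an approved app is not evidence of legitimacy: what the app normally does is.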
Epilogue: Lessons for SaaS Security
The Salesloft Drift campaign was not just about stolen records; it is a lesson in the risks of SaaS supply chains and the weaknesses that can hide inside trusted third-party integrations. For security teams it is a call to audit app permissions, baseline and monitor OAuth token behavior, and respond aggressively to even the faintest sign of compromise.
If an app is trusted, make sure it’s also verified—and monitored—every step of the way.