
In August 2025, a significant cyberattack targeted Salesforce, specifically its Salesloft Drift integration, raising serious concerns across industries about data security and third-party platform vulnerabilities.
What Happened?
According to Google’s Threat Intelligence Group, the attackers – identified as UNC6395 – exploited compromised OAuth tokens to gain unauthorised access. This allowed them to export vast amounts of sensitive data, including access keys and passwords, from affected systems.
Who Was Affected?
Reports indicate that organisations across various sectors were impacted, including major tech firms such as Cloudflare, Zscaler, and Palo Alto Networks. These breaches occurred via their Salesforce instances, underscoring the widespread reliance on the platform and the ripple effect of such vulnerabilities.
Why This Matters to You
Salesforce, a US-based company, describes itself as the “number one” Customer Relationship Management (CRM) platform. Its widespread use means that even organisations not directly using Salesforce may be affected through third-party providers who do. For example, this breach has had downstream effects on users of Google Workspace, Amazon Web Services, and other integrated platforms.
This incident serves as a stark reminder that no system is immune to attack – and that businesses must be proactive in their cybersecurity strategies.
What You Can Do to Mitigate the Risk of Data Breaches
Cybersecurity should be a board-level priority. To reduce exposure and strengthen resilience, organisations should consider the following actions:
- Engage with your third-party software providers to confirm whether they have been affected by the breach and understand any potential impact on your systems.
- Establish and maintain a disaster recovery policy that outlines clear procedures to follow in the event of a significant cybersecurity incident.
- Respond swiftly to any data breach, ensuring prompt identification of the breach, containment of the threat, and implementation of remedial measures.
- Conduct a thorough assessment of data flows within your organisation, including how personal and sensitive data is processed internally and shared with external parties.
- Review and audit all third-party contractors and platform integrations, as these may present vulnerabilities or entry points for attackers.
- Ensure your contractual agreements are robust, with provisions that address cybersecurity obligations, incident response support, and appropriate remedies or compensation in the event of failures.
Need Support?
If your organisation has been affected by this breach – or if you’d like to strengthen your cybersecurity posture – our technology team is here to help. Please contact us at technology@stephens-scown.co.uk or, alternatively, call us on 0345 540 5558.