Cloudflare has confirmed that its Salesforce instance was compromised in the recent Salesloft Drift supply-chain attack, which also impacted several major companies, including Palo Alto Networks and Zscaler.

The incident took place between August 12 and 17, when hackers used the compromised Drift integration to access Cloudflare’s customer support case data. This included customer names, contact information, subject lines, and freeform support text that may have contained sensitive details such as logs, configuration settings, tokens, or passwords.

Cloudflare said it was alerted on August 23 and immediately launched a security investigation. The company disabled the compromised account, revoked client IDs and secrets, removed related software, and rotated third-party credentials. Using custom scanning tools, Cloudflare found 104 API tokens in the exposed data. Although there was no evidence of misuse, all tokens were proactively rotated, and affected customers were notified.

The company emphasized that its services and infrastructure were not impacted by the breach. Security experts praised Cloudflare’s response for its transparency and speed, calling it a model example of incident handling.

This attack is part of a broader campaign that has affected over 700 Salesforce customers worldwide, with Google warning that OAuth tokens from Drift could also put platforms like Google Workspace, AWS, and Snowflake at risk.

Cloudflare’s handling of the breach highlights the growing need for companies to monitor third-party integrations closely and act quickly when supply-chain risks emerge.

