Redazione RHC: 7 September 2025 11:42
Salesloft announced that it would temporarily deactivate its AI-powered chatbot Drift on September 5, after several companies were hit by a massive supply chain attack. The incident resulted in the mass theft of authentication tokens.
Last week it emerged that hackers had compromised the sales automation platform Salesloft and stolen OAuth and refresh tokens from its AI agent Drift, which is designed for integration with Salesforce (no relation to Salesloft).
As Google representatives later reported, the attack lasted from August 8 to 18, 2025, was far-reaching and affected, among other things, Google Workspace data.
Salesloft Drift is a platform for integrating the AI-powered chatbot Drift with Salesforce, allowing companies to sync conversations, leads, and support tickets with their CRM. Beyond Salesforce, Drift can also integrate with other platforms (Slack, Pardot, Google Workspace, etc.) to streamline the process.
The developers explain that deactivating Drift will provide the fastest path to a full application review and will also help strengthen the security of the application and its infrastructure, in order to restore full functionality.
“The Drift chatbot will not be available on customer sites, and all Drift features, including Drift Fastlane and Drift Email, will be disabled during this period,” the company says. It has not yet announced an exact date when the service will return online.
The company emphasizes that its top priority at this time is ensuring the integrity and security of its systems and customer data. Salesloft is working with cybersecurity experts at Mandiant and Coalition to respond to the incident.
Google experts attribute the attack to a threat cluster codenamed UNC6395 (GRUB1 in Cloudflare’s classification). Researchers believe the Salesloft Drift compromise may have affected more than 700 organizations.
Although it was initially thought that the data breach only affected Drift’s integrations with Salesforce, it was later discovered that any platform integrated with Drift was vulnerable. However, the method by which the attackers initially gained access to Salesloft Drift remains unknown.
Many large companies have already reported that this supply chain attack affected their systems. Those affected include the cybersecurity companies Zscaler, Proofpoint and Palo Alto Networks, the SaaS platforms Workiva, PagerDuty and Exclaimer, Cloudflare, and others.