Dynatrace Acknowledges Data Breach Connected to Salesloft Drift
Overview of the Incident
In a recent blog post, technology observability firm Dynatrace confirmed that it has fallen victim to a data breach stemming from a larger cyber incident involving Salesloft’s Drift application. This hack has impacted multiple organizations, raising considerable alarm over cybersecurity and data integrity.
Details of the Compromise
The breach took place in August 2025, when unauthorized access was gained to Salesforce customer relationship management (CRM) data due to compromised OAuth credentials linked to the Salesloft Drift application. Dynatrace reported that the breach primarily affected a limited set of customer and marketing data. In a statement, the company reassured stakeholders that its services and products were not impacted by this security lapse.
Salesloft and Salesforce have taken prompt action following the incident by disabling the affected connections and reaching out to impacted customers. These measures are crucial to mitigating any further risks.
Investigative Actions by Dynatrace
Upon learning about the breach, Dynatrace initiated an immediate investigation into its systems. The findings indicated that its Salesforce platform had been compromised; however, the scope of the breach was narrowly focused on certain customer details. Dynatrace clarified that sensitive operational data remained secure, as they do not employ the case function in Salesforce, which means no case-related information was exposed.
Nature of Affected Data
The compromised data primarily consisted of basic business contact information, revealing first and last names of customer contacts along with company identifiers. There was no significant disruption to Dynatrace’s operations following the incident, allowing the company to maintain its usual workflow without interruption.
Heightened Security Awareness
In light of these developments, Dynatrace has begun to alert its customers about potential social engineering attacks or phishing attempts that could arise as a result of the breach. Protecting customer information and preventing fraud are priorities for the company, and they encourage vigilance.
Landscape of Compromised Firms
Dynatrace is not alone in facing the repercussions of the Salesloft breach. Many notable companies—including leading cybersecurity firms like Palo Alto Networks and Zscaler—have also reported being compromised. This widespread incident underscores the need for heightened security protocols across the tech industry.
Insights from Salesloft
Salesloft has shared additional details about the breach, indicating that the threat actor accessed the company’s GitHub account from March to June. This access enabled the perpetrator to conduct reconnaissance activities, ultimately leading to the acquisition of OAuth tokens that facilitated unauthorized access to customer data.
While Salesloft believes the breach has been contained, ongoing investigations with cybersecurity firm Mandiant aim to further dissect the integrity of their systems and prevent future incidents.
Conclusion
As cyber threats continue to evolve, companies like Dynatrace and Salesloft are at the forefront of ensuring customer and operational data remain secure. The industry must collectively strive to implement robust cybersecurity measures to protect against potential vulnerabilities.
