PagerDuty Affected by Salesloft Drift Supply Chain Breach
Understanding the Incident
PagerDuty, a key player in incident management, has recently confirmed that its customer data may have been compromised due to a significant supply chain hack affecting the Salesloft Drift marketing chat platform. This incident has sparked concerns regarding the security of customer information across a myriad of organizations linked to this breach.
On August 20, 2025, PagerDuty received notification from Salesloft regarding a potential security issue within the Drift application. The specifics unfolded further on August 23, when it was revealed that attackers had exploited a vulnerability in the OAuth integration flow between Salesloft Drift and Salesforce. This security hole could have allowed unauthorized access to PagerDuty’s Salesforce account, raising serious questions about data safety.
Quick Response from PagerDuty
In a blog post dated August 29, PagerDuty reassured its customers that no direct credentials from their platform had been compromised. However, the company has taken proactive measures by disabling access to its Salesforce data via Salesloft Drift as part of its ongoing investigation into the matter.
PagerDuty has emphasized the importance of vigilance for its users in light of the breach. They notified customers about the possible exposure of sensitive information such as names, phone numbers, and email addresses. In a bid to safeguard their users, PagerDuty has urged an increased awareness concerning potential phishing and social engineering attacks that may arise as a result of this incident.
“PagerDuty will never contact anyone by phone to request a password or any other secure details,” the company stated, reinforcing its commitment to security through official communication channels.
The Scope of the Breach
Analysts revealed that the Salesloft Drift security incident has impacted at least 700 organizations, drawing in many companies from various sectors, including cybersecurity. Prominent firms like Zscaler confirmed that some of their customer data was exposed, while others, such as Palo Alto Networks and CloudFlare, reported similar findings.
As more companies conduct their reviews, it’s likely that additional organizations will come forward, disclosing varying degrees of data exposure.
Salesloft’s Take on the Situation
In their latest update released on August 28, Salesloft engaged renowned cybersecurity firms Mandiant and Coalition to assist in their investigation. The platform is currently concentrating on ensuring not only the integrity of their systems but also the security of customer data.
“Our focus remains on ensuring the integrity and security of our systems and your data,” said Salesloft. This indicates a commitment to transparency and accountability as they work through the details of the breach.
Salesloft has pledged to keep affected parties informed as new information surfaces regarding the incident, highlighting the importance of customer communication during such challenging situations.
Moving Forward
As PagerDuty and other affected organizations navigate the aftermath of this breach, maintaining customer trust and ensuring data security remains a top priority. Users are encouraged to stay alert for any unusual activity associated with their accounts and to follow up with the appropriate security measures suggested by their service providers.
The unfolding narrative around the Salesloft Drift hack serves as a stark reminder of potential vulnerabilities within supply chains, urging companies to prioritize cybersecurity and improve their defenses against evolving threats in an increasingly interconnected digital landscape.
