Cloudflare Confirms Data Breach After Salesloft Drift Attack

The exposed data included customer contact information and support case details. While Cloudflare does not require customers to share credentials in support cases, some users had submitted API tokens, logs, or passwords through this channel. The company urged customers to rotate any credentials shared in support tickets.

Cloudflare said it found 104 API tokens in the compromised data, all of which have now been rotated. The company added that it has seen no suspicious activity linked to the stolen tokens. All affected customers have been notified directly.

Moreover, the attack has been attributed to an advanced threat group known as GRUB1. Cloudflare stressed that this was not an isolated incident but part of a broader campaign targeting third-party SaaS integrations.

We are responsible for the choice of tools we use in support of our business. This breach has let our customers down. For that, we sincerely apologize.

Cloudflare

The incident underscores the growing risks of third-party integrations. Cloudflare has cut ties with the compromised Drift service, rotated credentials across its systems, and stepped up monitoring. It also urged organizations to review their Salesforce integrations, rotate credentials, and audit support case data for exposure. 

That’s all about Cloudflare for now. If you want to stay in the loop on what’s happening in tech and AI, hop on our WhatsApp channel. Where along with the latest news, we share interviews, reviews, and plenty of insights you’ll actually want to read.