Salesloft Trust Portal September 13, 2025 at 1:19 AM

Important Update Regarding Drift Security
The following provides additional information to our trust site post on September 6, 2025, regarding our current Drift remediation and fortification efforts and those going forward. We are continuing our efforts on remediation and additional security controls.

We are focused on the ongoing hardening of the Drift Application environment. This process includes rotating credentials, temporarily disabling certain parts of the Drift application and strengthening security configurations.

Furthermore, we are implementing new multi-factor authentication processes and further refining limitations to the application environment. These measures are complemented by an ongoing analysis of available logs and configuration settings, as well as the remediation of secrets within the environment and GitHub hardening activities.

As a part of this process, we have systems that will be turned on over the weekend that may send you automated notifications originating from Drift. Please disregard these notifications as they are part of our security testing process. Until we provide you with a definitive update that the Drift application has been restored and re-enabled, it will remain inaccessible to customers and third party integrations.

All of this is focused on continuing to harden the Drift environment prior to and after re-enabling the Drift application — which we expect to be soon.

September 11, 2025 at 12:30 AM
Drift Status Update
Most Recent: We want to provide you with an update regarding the status of the Drift application while it is temporarily offline.

On Sept 6, we posted a trust site update detailing the initial results of our investigation and remediation efforts to date. While Drift is offline, Salesloft is working to confirm the root cause of the security incident and implement additional security measures to avoid similar incidents in the future and to restore the application as soon as possible. We hope to be able to provide an ETA soon for getting Drift back online.

At this time, we are advising all Drift customers to treat any and all Drift integrations and related data as potentially compromised.

The security of your data and operations remains our highest priority, and we are committed to providing a safe and secure platform for all users. Thank you for your patience during this time.

For ongoing updates, please subscribe to trust.salesloft.com.

September 07, 2025 at 9:20 PM
Salesforce/Salesloft Integration Is Restored
We are pleased to report that the integration between the Salesloft platform and Salesforce is now restored.

Salesforce users can once again leverage the full capabilities and integrations of the Salesloft platform with confidence. For more information, read our most recent trust site update.

While the connection between systems was disabled, both Salesloft and Salesforce continued to run independently. The Salesloft Customer Success team will be reaching out to you directly to help you with data reconciliation before we can re-enable your Salesforce sync. Once we connect with you, the restoration should be relatively quick.

The step-by-step process for re-syncing your data and activities between Salesloft and Salesforce can be found in this help article.

The security of your data and operations remains our highest priority, and we remain committed to providing a safe and secure platform for all users. Thank you for your patience during this time and for your continued partnership.

For assistance, please contact Customer Support at help.salesloft.com.
For ongoing updates, please subscribe to our trust site (trust.salesloft.com)

September 07, 2025 at 2:00 AM
Update on Mandiant Drift and Salesloft Application Investigations
On August 28, 2025, Salesloft retained Mandiant to investigate the compromise of the Drift platform and its technology integrations. The objectives of the investigation are to determine the root cause, scope of the incident, and assist Salesloft with containment and remediation. Mandiant was subsequently engaged to examine the Salesloft environment to determine if it was compromised and verify the segmentation between the Drift and Salesloft environments.

The following is an update as of September 6, 2025:

What Happened:

Mandiant’s investigation has determined the threat actor took the following actions:

In March through June 2025, the threat actor accessed the Salesloft GitHub account. With this access, the threat actor was able to download content from multiple repositories, add a guest user and establish workflows.

The investigation noted reconnaissance activities occurring between March 2025 and June 2025 in the Salesloft and Drift application environments.
The analysis has not found evidence beyond limited reconnaissance related to the Salesloft application environment.
The threat actor then accessed Drift’s AWS environment and obtained OAuth tokens for Drift customers’ technology integrations.

The threat actor used the stolen OAuth tokens to access data via Drift integrations.
Response and Remediation Activities:

As part of a comprehensive response, Salesloft performed containment and eradication activities, validated by Mandiant, in the Drift and Salesloft application environments, including but not limited to:

Drift Application Environment:
Isolated and contained the Drift infrastructure, application, and code.
The Drift Application has been taken offline.
Rotated impacted credentials
Salesloft Application Environment:
Rotated credentials in the Salesloft environment.
Performed proactive threat hunting of the environment and noted no additional Indicators of Compromise (“IOCs”) found.
Rapidly hardened Salesloft environment against the known methods used by the threat actor during the attack.
Threat hunting based on Mandiant Intelligence across Salesloft infrastructure and technologies:
IOC analysis.
Analysis of events associated with at-risk credentials based on threat actor activity.
Analysis of events associated with activity that would permit the threat actor to circumvent Salesloft security controls.
Mandiant has verified the technical segmentation between Salesloft and Drift applications and infrastructure environments.
Based on the Mandiant investigation, the findings support the incident has been contained. The focus of Mandiant’s engagement has now transitioned to forensic quality assurance review.