BeyondTrust Data Breach (2025)

"On Friday, August 22, BeyondTrust was notified by Salesforce of a security event involving the Salesloft Drift application and the use of credentials to access information from Salesloft customer Salesforce instances. More information is available here. Upon detection, Salesforce took measures to address the event, including disabling all instances of the Drift software. The Drift application was also removed from the Salesforce AppExchange. BeyondTrust promptly activated our incident response protocols and has been conducting a thorough investigation. Out of an abundance of caution, we revoked all access for Drift, and we rotated all credentials used to integrate our Salesforce instance with other systems. Based on our investigation, the threat actors had limited access to our Salesforce data and the impact was limited to Salesforce. While we have no evidence that customer information has been misused, given the potential exposure of business contact information, we recommend extra vigilance with respect to potential phishing and social engineering attacks."