Fastly Data Breach (2025)

"Fastly was impacted by the recent security incident involving Salesloft's Drift application. We have investigated and notified all Fastly customers affected. This incident was isolated to our Salesforce instance and did not impact any Fastly services, infrastructure, or products. This post includes a summary of our response and the customer outreach we’ve performed. What Happened Between August 13 and August 18, 2025, a threat actor (tracked as UNC6395 by Google Mandiant) exploited stolen OAuth tokens tied to the Drift integration to gain unauthorized access to Salesforce instances across many companies, including Fastly. The incident was contained on August 20, 2025 when Salesloft and Salesforce disabled the integration. We immediately began our own investigation, confirming that the malicious activity was isolated to our Salesforce instance and the data accessed was limited to case subjects, descriptions, and contact details."