Pagerduty Data Breach (2025)

"On August 20, 2025 we were notified by Salesloft, a third-party vendor, of a potential security issue in Salesloft’s Drift application. On August 23, Salesloft informed us that its Drift OAuth integration flow with Salesforce had been compromised, exposing some PagerDuty customer support and case management data. As Salesloft shared, a threat actor used OAuth credentials to exfiltrate data from Salesloft’s customers’ Salesforce instances. As a result, that threat actor gained access to data in our Salesforce instance. We have no evidence of unauthorized access to the PagerDuty platform at this time. What Data Was Exposed The accessed instance of Salesforce is what we use for customer support and internal customer case management. Most of this information is customer contact information, which may include names, phone numbers, and email addresses, as well as support case data. For some customers, the information also contained even more sensitive information like API access tokens or other sensitive data that a customer may have shared with PagerDuty."