SpyCloud Data Breach (2025)

"We were notified of a security incident involving a third-party application that potentially resulted in unauthorized access to data from Salesforce, our customer relationship management system. As reported by Google’s threat intelligence team, an actor allegedly targeted Salesforce customer instances through compromised authentication tokens (OAuth) associated with the Salesloft Drift application. Drift was acquired by Salesloft in 2024. SpyCloud was previously a customer of Salesloft & Drift. Immediately upon learning of the potential unauthorized access, we terminated the token access to our systems and began a full investigation of the incident internally."