HackerOne has confirmed it was among the many firms affected by a current information breach that supplied unauthorized entry to its Salesforce occasion. The entry was gained via a compromise of the third-party utility Drift, which Salesloft owns.
The bug bounty platform introduced the safety incident, aligning with its firm worth of “Default to Disclosure.” In keeping with the corporate, its safety crew was first notified of a possible compromise by Salesforce on Friday, August 22, 2025.
This was subsequently confirmed by Salesloft the next day, prompting HackerOne to activate its incident response protocols instantly.
The corporate is working in partnership with each Salesforce and Salesloft to analyze the complete scope and influence of the breach. This incident is a part of a broader assault marketing campaign that has impacted lots of of firms.
HackerOne Confirms Knowledge Breach
As detailed in a report by Google’s Mandiant, risk actors focused Salesforce buyer information by exploiting a vulnerability inside the Drift advertising and gross sales utility.
By compromising Drift, attackers have been capable of pivot and acquire unauthorized entry to related Salesforce environments, permitting for the theft of delicate buyer and gross sales information.
HackerOne’s affirmation locations it on a rising record of companies responding to this provide chain assault. Whereas the investigation stays ongoing, HackerOne said {that a} subset of information inside its Salesforce occasion was accessed by the unauthorized events.
Nonetheless, the corporate expressed confidence that no buyer vulnerability information was impacted or uncovered throughout the incident.
That is attributed to the agency’s strict inner insurance policies and controls, which govern information segmentation, successfully siloing delicate vulnerability info away from the compromised gross sales and advertising information within the Salesforce setting.
HackerOne is constant to conduct a forensic evaluation on the particular information accessed to find out the precise nature of the uncovered info.
The corporate has dedicated to speaking straight with any prospects who’re recognized as being impacted by the breach.
This incident highlights the numerous dangers related to third-party utility integrations and the potential for provide chain assaults to bypass a corporation’s direct safety defenses.
Discover this Story Attention-grabbing! Comply with us on Google Information, LinkedIn, and X to Get Extra Instantaneous Updates.
