PagerDuty, a pacesetter in digital operations administration, has confirmed a safety incident that resulted in unauthorized entry to a few of its knowledge saved in Salesforce.
The corporate acknowledged that no PagerDuty platform credentials have been compromised and that the breach resulted from a vulnerability in a third-party utility, Salesloft Drift.
The incident’s timeline started on August 20, 2025, when PagerDuty was first notified by Salesloft a couple of potential safety concern associated to its Drift utility.
Three days later, on August twenty third, Salesloft confirmed that attackers had exploited a vulnerability in Drift’s OAuth integration with Salesforce. This “hijacked authorization course of” allowed a menace actor to realize unauthorized entry to PagerDuty’s Salesforce occasion.
PagerDuty has emphasised that the breach was restricted in scope. In a press release, the corporate confirmed, “We’ve not seen any indication that entry to the PagerDuty platform or another inner methods or sources past Salesforce could have occurred.”
The corporate instantly disabled Salesloft Drift’s entry to its Salesforce knowledge upon studying of the compromise and is conducting an ongoing investigation.
The information doubtlessly uncovered contains buyer contact data equivalent to names, telephone numbers, and e-mail addresses. Whereas PagerDuty’s core providers and credentials stay safe, the publicity of this contact data raises the danger of focused phishing and social engineering assaults in opposition to its prospects.
In mild of this potential publicity, PagerDuty is advising all prospects to train additional vigilance. “PagerDuty won’t ever contact anybody by telephone to request a password or another safe particulars,” the corporate warned. “All official communication from PagerDuty comes via our trusted assist channels.”
This safety occasion is a part of a wider concern affecting prospects of the Salesloft Drift utility. Background data and technical particulars on the vulnerability have been printed by Salesloft on its belief middle, in addition to by Salesforce and Google’s Risk Intelligence Group, which has been monitoring the exercise.
The incident highlights the complicated safety challenges firms face when integrating third-party functions into their core methods.
On August twenty seventh, Salesloft issued additional suggestions for Drift prospects who handle their very own connections to third-party functions, signaling the continued efforts to comprise the vulnerability’s affect throughout the business.
PagerDuty has assured its prospects that it’s treating the matter with the utmost seriousness and is working diligently to grasp the complete scope of the incident.
The corporate continues to watch the state of affairs carefully and is dedicated to offering updates as its investigation progresses. Prospects are urged to be cautious of unsolicited communications and to report any suspicious exercise.
Confirmed victims of this provide chain assault embrace:
Palo Alto Networks: The cybersecurity agency confirmed the publicity of enterprise contact data and inner gross sales knowledge from its CRM platform.
Zscaler: The cloud safety firm reported that buyer data, together with names, contact particulars, and a few assist case content material, was accessed.
Google: Along with being an investigator, Google confirmed a “very small quantity” of its Workspace accounts have been accessed via the compromised tokens.
Cloudflare: Cloudflare has confirmed a knowledge breach the place a complicated menace actor accessed and stole buyer knowledge from the corporate’s Salesforce occasion.
Discover this Story Attention-grabbing! Observe us on Google Information, LinkedIn, and X to Get Extra On the spot Updates.
