In August 2025, Dynatrace, a leader in software intelligence, experienced a data breach stemming from a third-party application, Salesloft’s Drift, integrated into its Salesforce Customer Relationship Management (CRM) system. This incident led to unauthorized access to business contact information of Dynatrace’s customers.
Incident Overview
The breach originated when threat actors compromised Salesloft’s Drift application, a tool widely used for customer engagement. This compromise allowed attackers to infiltrate the Salesforce environments of organizations utilizing the app, including Dynatrace. Upon detection, Salesloft and Salesforce promptly disabled the compromised connections and began notifying affected clients.
Dynatrace’s Immediate Response
Upon receiving notification of the breach, Dynatrace’s security team acted swiftly:
– Disabling the Drift Application: To prevent further unauthorized access, Dynatrace immediately disabled the Drift application within its environment.
– Comprehensive Investigation: The company initiated a thorough investigation, enlisting third-party cybersecurity experts to assess the breach’s scope and impact.
Findings from the Investigation
The investigation revealed that the breach was confined solely to Dynatrace’s Salesforce CRM instance, which is utilized for managing customer relationships and marketing activities. Crucially, the breach did not affect Dynatrace’s core products, services, or any systems containing sensitive customer data. Additionally, Dynatrace clarified that it does not use the case function within Salesforce, so no customer support case information was accessible to the attackers.
Nature of the Exposed Data
The data accessed during the breach was limited to business contact information, specifically:
– First and Last Names: Names of customer contacts.
– Company Identifiers: Associated company details.
Importantly, no sensitive credentials, financial information, or other confidential data were compromised.
Communication with Customers
Following the breach, Dynatrace proactively communicated with its customers, advising them to remain vigilant against potential social engineering and phishing attempts. The company emphasized that its employees would never request passwords, multi-factor authentication (MFA) codes, or other sensitive credentials via phone or email. Customers were urged to verify the authenticity of communications and confirm that they originate from trusted Dynatrace domains.
Broader Impact on the Industry
This incident is part of a larger pattern of supply chain attacks affecting multiple organizations. Other notable companies impacted include:
– Palo Alto Networks: Exposure of business contact information and internal sales data from its CRM platform.
– Zscaler: Unauthorized access to customer information, including names, contact details, and some support case content.
– Google: A very small number of Workspace accounts were accessed through compromised tokens.
– Cloudflare: Customer data was accessed and stolen from the company’s Salesforce instance.
– PagerDuty: Reported unauthorized access to its systems.
Dynatrace’s Commitment to Security
In response to this incident, Dynatrace has reaffirmed its dedication to maintaining robust security measures. The company has implemented administrative, technical, and physical security controls to safeguard sensitive information from unauthorized access, ensuring data integrity, confidentiality, and availability. These measures are regularly and independently audited to uphold the highest security standards.
Conclusion
The recent data breach underscores the critical importance of securing third-party integrations within enterprise systems. While the incident was limited in scope and did not compromise sensitive data, it serves as a reminder for organizations to continuously evaluate and enhance their security protocols. Dynatrace remains committed to transparency and proactive communication with its customers, ensuring the trust and security of its services.