HackerOne, a leading bug bounty and vulnerability coordination platform, has confirmed a data breach resulting from unauthorized access to its Salesforce instance. The breach was facilitated through a compromise of the third-party application Drift, owned by Salesloft.
Incident Overview
On August 22, 2025, HackerOne’s security team was alerted by Salesforce to a potential compromise. The following day, Salesloft confirmed that threat actors had exploited a vulnerability within the Drift application, enabling unauthorized access to connected Salesforce environments. This breach is part of a broader attack campaign affecting numerous companies.
Scope and Impact
HackerOne has initiated a comprehensive investigation in collaboration with Salesforce and Salesloft to assess the full scope of the breach. Preliminary findings indicate that unauthorized parties accessed a subset of records within HackerOne’s Salesforce instance. However, the company is confident that no customer vulnerability data was impacted or exposed during the incident. A forensic analysis is underway to determine the exact nature of the accessed information.
Response and Mitigation
In response to the breach, HackerOne has activated its incident response protocols, including:
– Immediate Containment: Revoking unauthorized access and securing affected systems.
– Collaboration: Working closely with Salesforce and Salesloft to investigate and remediate the vulnerability.
– Communication: Committing to direct communication with any customers identified as being impacted by the breach.
Broader Implications
This incident underscores the risk carried by third-party application integrations: a supply chain compromise of an integrated application can grant access to an organization's core systems without touching the defenses the organization controls directly. It highlights the importance of rigorous security assessments of third-party applications, and of continuous monitoring of the access those applications hold and how it is used, to prevent similar breaches.
Conclusion
HackerOne’s proactive response and commitment to transparency reflect its dedication to maintaining trust and security within its community. The company continues to prioritize the protection of customer data and the integrity of its platform.