PagerDuty, a prominent digital operations management firm, has recently disclosed a security breach resulting from a vulnerability in a third-party application, Salesloft Drift. This incident led to unauthorized access to certain data stored within PagerDuty’s Salesforce environment.
Incident Timeline and Discovery
The sequence of events began on August 20, 2025, when Salesloft alerted PagerDuty to a potential security issue associated with its Drift application. By August 23, Salesloft confirmed that attackers had exploited a flaw in Drift’s OAuth integration with Salesforce. This exploitation enabled unauthorized access to PagerDuty’s Salesforce instance.
Scope and Impact of the Breach
PagerDuty has emphasized that the breach was confined to its Salesforce data, with no evidence suggesting that the core platform or other internal systems were affected. The compromised data includes customer contact details such as names, phone numbers, and email addresses. While no PagerDuty platform credentials were compromised, the exposure of contact information raises concerns about potential phishing and social engineering attacks targeting customers.
Immediate Response and Ongoing Investigation
Upon identifying the breach, PagerDuty promptly revoked Salesloft Drift’s access to its Salesforce data and initiated a comprehensive investigation. The company is collaborating with cybersecurity experts to assess the full extent of the incident and to implement measures to prevent future occurrences.
Customer Advisory and Preventative Measures
In light of the potential risks, PagerDuty advises customers to remain vigilant against unsolicited communications. The company has clarified that it will never request passwords or other secure details via phone. All official communications will be conducted through established support channels.
Broader Implications and Industry Impact
This security event is part of a larger issue affecting multiple organizations using the Salesloft Drift application. Other confirmed victims include:
– Palo Alto Networks: The cybersecurity firm reported exposure of business contact information and internal sales data from its CRM platform.
– Zscaler: The cloud security company disclosed that customer information, including names, contact details, and some support case content, was accessed.
– Google: The tech giant confirmed that a limited number of its Workspace accounts were accessed through compromised tokens.
– Cloudflare: The company acknowledged a data breach in which a sophisticated threat actor accessed and stole customer data from its Salesforce instance.
Industry Response and Recommendations
Salesloft has published technical details about the vulnerability on its trust center and is working with Salesforce and Google’s Threat Intelligence Group to monitor and mitigate the issue. On August 27, Salesloft issued additional recommendations for Drift customers managing their own connections to third-party applications, underscoring the ongoing efforts to contain the vulnerability’s impact.
PagerDuty’s Commitment to Security
PagerDuty is treating this matter with the utmost seriousness and is committed to transparency throughout the investigation. The company continues to monitor the situation closely and will provide updates as more information becomes available. Customers are encouraged to report any suspicious activity and to exercise caution with unsolicited communications.
Conclusion
This incident highlights the complex security challenges associated with integrating third-party applications into core systems. Organizations are reminded of the importance of rigorous security assessments and continuous monitoring of third-party integrations to safeguard sensitive data.