The impact of the Salesloft Drift breach on Cloudflare and our customers

https://blog.cloudflare.com/response-to-salesloft-drift-incident/

35•ezekg•5mo ago

Comments

htrp•5mo ago

> As part of our response to this incident, we did our own search through the compromised data to look for tokens or passwords and found 104 Cloudflare API tokens. We have identified no suspicious activity associated with those tokens, but all of these have been rotated in an abundance of caution. All customers whose data was compromised in this breach have been informed directly by Cloudflare.

Great response

> We are responsible for the choice of tools we use in support of our business. This breach has let our customers down. For that, we sincerely apologize. The rest of this blog gives a detailed timeline and detailed information on how we investigated this breach.

And a mea culpa for their 3rd party vendor choices (impressive)

pjsg•5mo ago

I got this notification (email subject "[ACTION REQUIRED] Third-Party Compromise Impacting Cloudflare Salesforce Cases"), but, as I'm a free user, I don't even have a 'Technical Support' option under the 'Support' menu dropdown.

Have other free users also received this email?

reassess_blind•5mo ago

Click the Support Dropdown > Support > Technical Support > My Activities

bstsb•5mo ago

if you've ever submitted a support case to Cloudflare then you got the email.

check https://dash.cloudflare.com/?to=/:account/my-activities

pjsg•5mo ago

That leads to a page saying "Cannot locate dashboard account"

I did find an email from Cloudflare in April 2011 (seven months after CF started to offer services) which was a response to a support request. I guess that things have changed in the intervening years so that the original link to keep track of my support request no longer works!!

I'll give them a break on this!

TheNewsIsHere•5mo ago

I’m not giving them a break on this. They sent me the same email. I’m having the same experience.

I actually do have a support case history with them, and I’d like to review what data has been lost. I’ve been a customer for over a decade. I have no clue what was in that history because I’ve filed numerous tickets over the years. They have made that impossible without paying them, even if you’ve paid them in the past.

They clearly failed to test their process on each account type.

I guess we could send individual data subject requests to their DPO, but that is probably more costly for them.

luke2030•5mo ago

Consider if your support cases were instead with Zendesk and not with Salesforce. This could explain why they did not contact you.

TheNewsIsHere•5mo ago

They did indeed contact me by email to let me know my data was in scope of the breach.

reassess_blind•5mo ago

Is anyone aware of the other services using Salesloft Drift that were breached? Cloudflare is the first I've had reach out, but surely there were others.

bstsb•5mo ago

so far Google, Zscaler and Palo Alto Networks. looks like more to come though

ganoushoreilly•5mo ago

There were at least 700 victims being tracked by Google's Threat Intelligence Group

mr_cyborg•5mo ago

They saved others, but they couldn’t save themselves.[1]

Important to remember that security practitioners and vendors are actually on the same team when it comes to criminal behavior, and maybe it’s better to treat others with grace.

1: https://blog.cloudflare.com/how-cloudflare-mitigated-yet-ano...

Citizen8396•5mo ago

comparing a third-party breach of cloudflare to the zoo that was okta at the time is laughable

Blue923•5mo ago

It would be nice if they actually TOLD us their recommendations with the exact actions to take to protect our accounts. This is just a blanket statement that is going to result in confusion as to what "action" there is to take.

Does anyone have an action plan yet?

loteck•5mo ago

From OP:

Given that Salesforce support case data contains the contents of support tickets with Cloudflare, any information that a customer may have shared with Cloudflare in our support system—including logs, tokens or passwords—should be considered compromised, and we strongly urge you to rotate any credentials that you may have shared with us through this channel.

FSD helped save my father's life during a heart attack

Show HN: Writtte – Draft and publish articles without reformatting, anywhere

Portuguese icon (FROM A CAN) makes a simple meal (Canned Fish Files) [video]

Brookhaven Lab's RHIC Concludes 25-Year Run with Final Collisions

Transcribe your aunts post cards with Gemini 3 Pro

.72% Variance Lance

ReKindle – web-based operating system designed specifically for E-ink devices

Encrypt It

NextMatch – 5-minute video speed dating to reduce ghosting

Personalizing esketamine treatment in TRD and TRBD

SpaceKit.xyz – a browser‑native VM for decentralized compute

NotebookLM: The AI that only learns from you

Show HN: An open-source starter kit for developing with Postgres and ClickHouse

Game Boy Advance d-pad capacitor measurements

South Korean crypto firm accidentally sends $44B in bitcoins to users

Apache Poison Fountain

Web.whatsapp.com appears to be having issues syncing and sending messages

Google in Your Terminal

Shannon: Claude Code for Pen Testing: #1 on Github today

Anthropic: Latest Claude model finds more than 500 vulnerabilities

Brooklyn cemetery plans human composting option, stirring interest and debate

Why the 'Strivers' Are Right

Brain Dumps as a Literary Form

Agentic Coding and the Problem of Oracles

Malicious packages for dYdX cryptocurrency exchange empties user wallets

Show HN: I built a <400ms latency voice agent that runs on a 4gb vram GTX 1650"

Penisgate erupts at Olympics; scandal exposes risks of bulking your bulge

Arcan Explained: A browser for different webs

What did we learn from the AI Village in 2025?

An open replacement for the IBM 3174 Establishment Controller