The impact of the Salesloft Drift breach on Cloudflare and our customers

https://blog.cloudflare.com/response-to-salesloft-drift-incident/

22•ezekg•5h ago

Comments

htrp•2h ago

> As part of our response to this incident, we did our own search through the compromised data to look for tokens or passwords and found 104 Cloudflare API tokens. We have identified no suspicious activity associated with those tokens, but all of these have been rotated in an abundance of caution. All customers whose data was compromised in this breach have been informed directly by Cloudflare.

Great response

> We are responsible for the choice of tools we use in support of our business. This breach has let our customers down. For that, we sincerely apologize. The rest of this blog gives a detailed timeline and detailed information on how we investigated this breach.

And a mea culpa for their 3rd party vendor choices (impressive)

pjsg•1h ago

I got this notification (email subject "[ACTION REQUIRED] Third-Party Compromise Impacting Cloudflare Salesforce Cases"), but, as I'm a free user, I don't even have a 'Technical Support' option under the 'Support' menu dropdown.

Have other free users also received this email?

reassess_blind•1h ago

Click the Support Dropdown > Support > Technical Support > My Activities

bstsb•58m ago

if you've ever submitted a support case to Cloudflare then you got the email.

check https://dash.cloudflare.com/?to=/:account/my-activities

reassess_blind•59m ago

Is anyone aware of the other services using Salesloft Drift that were breached? Cloudflare is the first I've had reach out, but surely there were others.

bstsb•58m ago

so far Google, Zscaler and Palo Alto Networks. looks like more to come though

mr_cyborg•1m ago

They saved others, but they couldn’t save themselves.[1]

Important to remember that security practitioners and vendors are actually on the same team when it comes to criminal behavior, and maybe it’s better to treat others with grace.

1: https://blog.cloudflare.com/how-cloudflare-mitigated-yet-ano...

Suppressing property variability in recycled plastics via bioinspired design

Jean Leray in Edelbach [pdf]

The Currents of a Founder

A Scalper Explains Why They Love Ripping You Off

Indices, not Pointers

Show HN: CompareGPT – Making LLMs More Trustworthy by Reducing Hallucinations

Have foreign tourists avoided America this year?

Why boomers have more money than everyone else

Show HN: Slack-explorer-MCP – Let AI find historical context in Slack

How AI Is Changing Bookkeeping

The maths you need to start understanding LLMs

Ask HN: Short term housing for founders / entrepreneurs in the Bay Area / SF?

US Manufacturing Activity Contracted in August for a Sixth Month

Show HN: AI Agent for Game UI

EVs reduce climate pollution, but by how much? New U-M research has the answer

The Trust Quotient (TQ)

TextJam

The case against Almost Always auto in C++

This blog is running on a recycled Google Pixel 5

The Millionaire Who Left Wall Street to Become a Paramedic

Spec-Driven Development with A

What Every Data Scientist Should Know About Graph Transformers

Google, Apple, and Mozilla Win in the Antitrust Case Google Lost

Views from onboard Starship's tenth flight test

Google says Gmail security is "strong and effective" as it denies major breach

World’s biggest iceberg breaks up after 40 years

Parallel AI agents are a game changer

Researchers Are Already Leaving Meta's New Superintelligence Lab

Health Effects of Cousin Marriage: Evidence from US Genealogical Records

Lumo by Proton Mail