Salesforce / Drift Security Incident

The investigation into this incident has been completed. Our security teams, along with trusted third party experts, have confirmed that the issue has been fully contained and remediated. No further customer impact has been identified, and normal operations remain secure. We continue to monitor closely and have implemented additional safeguards to help prevent recurrence.

On Friday, August 22, BeyondTrust was notified by Salesforce of a security event involving the Salesloft Drift application and the use of credentials to access information from Salesloft customer Salesforce instances. More information is available here. Upon detection, Salesforce took measures to address the event, including disabling all instances of the Drift software. The Drift application was also removed from the Salesforce AppExchange.

BeyondTrust promptly activated our incident response protocols and has been conducting a thorough investigation. Out of an abundance of caution, we revoked all access for Drift, and we rotated all credentials used to integrate our Salesforce instance with other systems.

Based on our investigation, the threat actors had limited access to our Salesforce data and the impact was limited to Salesforce. While we have no evidence that customer information has been misused, given the potential exposure of business contact information, we recommend extra vigilance with respect to potential phishing and social engineering attacks.

We do not have any indication that this incident involved or affected BeyondTrust’s internal network, software code, products, or the data secured by those products on behalf of our customers.

There is no action required from BeyondTrust customers to maintain the security of their deployed BeyondTrust products based on this incident. We are committed to transparency and providing relevant updates to our affected community.