Salesloft Drift — Campaign Analysis & Threat Activity

Threat entity extracted from intelligence sources

Frequency
8
occurrences
First Seen
November 20, 2025
Last Seen
June 21, 2026

Salesloft Drift is a threat campaign tracked across 7 threat clusters and 8 intelligence report mentions on ThreatCluster. First observed November 20, 2025; most recent activity June 21, 2026.

Related Threat Clusters

  • Salesloft Drift OAuth Token Breach Exposes Salesforce Data

    Between August 9 and August 17, 2025, the threat actor UNC6395 exploited stolen OAuth tokens from Salesloft's Drift integration to access Salesforce environments of over 700 organizations, including major tech firms.…

    3 articles · Updated June 21, 2026
  • Kodak Confirms Data Breach Linked to ShinyHunters Gang

    Kodak has confirmed a data breach after the ShinyHunters extortion group claimed responsibility for stealing over 2.2 million records, including customer personally identifiable information (PII) and internal corporate…

    5 articles · Updated June 17, 2026
  • Gainsight Apps Breach Exposes Data of Over 200 Salesforce Customers

    A significant supply chain attack has compromised Salesforce-stored data from more than 200 companies through applications published by Gainsight. Salesforce confirmed unauthorized access to customer data and is…

    30 articles · Updated November 23, 2025
  • Grubhub Confirms Data Breach and Faces Extortion Demands

    Grubhub has confirmed a data breach where unauthorized actors accessed parts of its internal systems. The company is now facing extortion demands related to the stolen data. Grubhub stated that it quickly detected and…

    1 article · Updated January 27, 2026
  • Data Breach Affects Over 200 Companies via Gainsight Integration with Salesforce

    Hackers compromised Salesforce-stored data from more than 200 companies through a supply chain attack involving Gainsight applications. Google confirmed the breach, stating that unauthorized access to customer data was…

    44 articles · Updated November 27, 2025
  • Scattered Lapsus$ Hunters Recruit Women for Vishing Operations

    The Scattered Lapsus$ Hunters (SLH) hacking group is actively recruiting women to participate in voice-phishing (vishing) attacks. Advertisements on a public Telegram channel, detected by Dataminr, promise payments…

    5 articles · Updated February 26, 2026
  • Salesloft Drift Breach Exposes Risks of Third-Party SaaS Applications

    In August 2025, the Salesloft Drift breach compromised the data of hundreds of organizations, highlighting the security and privacy risks associated with third-party SaaS applications. As reliance on these applications…

    1 article · Updated February 18, 2026

Recent Intelligence Reports

  • Data Theft Salesforce Instances Via Salesloft Drift — cloud.google.com · June 21, 2026
  • Kodak confirms data breach claimed by ShinyHunters extortion gang — Bleepingcomputer · June 17, 2026
  • Scattered Lapsus$ Hunters seeks women to defraud helpdesks — Theregister · February 26, 2026
  • Scattered Lapsus$ Hunters auditioning female voices to sharpen social engineering — Theregister · February 26, 2026
  • theNET | Reducing the privacy risks of third-party apps — Cloudflare · February 17, 2026
  • Grubhub confirms data breach amid extortion claims — Foxnews · January 27, 2026
  • Gainsight says additional applications put on hold after Salesforce customers breached — Cybersecuritydive · November 24, 2025
  • Salesforce investigating campaign targeting customer environments connected to Gainsight app — Cybersecuritydive · November 20, 2025

CVSS v3.1 Breakdown