Dynatrace has become the latest technology company to confirm that a limited set of its customer data was exposed in the widespread compromise of OAuth credentials belonging to the Salesloft Drift application’s Salesforce integration.
“In August 2025, a cyber attack on Salesloft’s Drift application resulted in unauthorised access to Salesforce CRM data from companies using the third-party app. Salesloft and Salesforce have since taken steps to disable the compromised connections and notify their affected customers,” Dynatrace said in an 8 September blog post.
“Like many companies, Dynatrace was among those affected by the Salesloft incident. We took immediate steps to protect our systems and customers. As of September 7th, we have been notified by Salesloft that the connections have been re-enabled.”
Dynatrace launched its investigation after learning of the incident and found that its Salesforce platform had been compromised. As with many other victims, however, the compromise was limited to the customer and marketing data on that platform – no Dynatrace services or products were impacted.
“Moreover, Dynatrace does not use the case function in Salesforce and, as such, no case information was accessible as a result of the incident,” Dynatrace said.
“The potentially affected data is limited to business contact information, including first and last names of customer contacts and company identifiers. There has been no disruption to our operations.”
Dynatrace is now warning its customers to be wary of social engineering attacks or phishing messages.
Dynatrace joins hundreds of companies impacted by the compromise, including high-profile cyber security firms such as Palo Alto Networks and Zscaler.
Salesloft revealed this month that the threat actor behind the campaign had access to the company’s GitHub account between March and June this year, and was able to perform reconnaissance-related activity before successfully obtaining the OAuth tokens for many of Salesloft’s customers’ technology integrations.
These were then used to access those customers’ data.
As far as Salesloft is aware, the incident has now been contained; however, it and Mandiant continue to investigate the compromise.