Third-Party Compromise Impacting Cloudflare Salesforce Cases #8086

@BacLuc

[ACTION REQUIRED] Third-Party Compromise Impacting Cloudflare Salesforce Cases

Dear Cloudflare Customer,

We released a blog post today detailing how a threat actor compromised Salesloft Drift, a customer support chat agent that integrates with Salesforce. A threat actor was able to access the Salesforce tenants of multiple companies from August 12 to 17, 2025 UTC, including Cloudflare’s. As part of our ongoing investigation, we have determined that these credentials have allowed limited access to some of Cloudflare’s Salesforce information, including information associated with your Cloudflare account.

To be clear, Cloudflare services and our core infrastructure were not impacted.

Upon learning of the incident, Cloudflare immediately disabled all Salesloft Drift application connections to our Salesforce tenant and began an investigation. Due to the widespread nature of this incident across multiple companies, we are recommending our customers rotate credentials used to integrate with third parties, including any tokens, API keys, and/or credentials used for Cloudflare services. We also recommend you review access logs and permissions for all third-party integrations.

Because our investigation confirmed that Salesforce cases associated with your Cloudflare account were impacted by this exposure—including, primarily, the substance of information shared in customer support requests and customer contact information—we recommend you verify what information your support cases may include by logging on to your Cloudflare support portal. Please note that attachments or files in those cases were not impacted. To access your Cloudflare Support Portal, please log in to the Cloudflare dashboard, click the 'Support' dropdown, then 'Technical Support', then 'My Activities'. You can adjust your case view with the filters at the top, or use the "Download Cases" button. If you cannot access your Support Portal, please open a new support case.

Recommendations

This incident is impacting multiple companies and service providers, which has introduced a large amount of digital supply chain risk. We recommend you take the following actions in order to assess the risk to your organization and to take precautions as appropriate:

Review cases in Cloudflare’s support system to definitively confirm what data may have been affected

Rotate any credentials that may have been previously shared in a support case to Cloudflare

Rotate any credentials that may have been included in a support case with any other vendor, due to the broad nature of this incident

Review public materials associated with the Drift incident and conduct a security review of your environment as appropriate

Review access logs and permissions to all third-party integrations

We strongly encourage you to read our blog post for a detailed account of this incident, our remediation steps, and our recommendations for next steps in mitigating your risk.

We understand this is a challenging situation. If you have any questions, please contact Cloudflare Customer Support by opening a case via the Support Portal in your dashboard.

Kind regards,

Cloudflare Support Team
