Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
IT observability firm Dynatrace admits its Salesforce data was compromised as part of a widespread supply chain hack.
Dynatrace has become the latest technology company to confirm that a limited set of its customer data has been compromised by the widespread compromise of OAuth credentials belonging to the Salesloft Drift application’s Salesforce integration.
“In August 2025, a cyber attack on Salesloft’s Drift application resulted in unauthorised access to Salesforce CRM data from companies using the third-party app. Salesloft and Salesforce have since taken steps to disable the compromised connections and notify their affected customers,” Dynatrace said in an 8 September blog post.
“Like many companies, Dynatrace was among those affected by the Salesloft incident. We took immediate steps to protect our systems and customers. As of September 7th, we have been notified by Salesloft that the connections have been re-enabled.”
Dynatrace launched its investigation after learning of the incident and found that its Salesforce platform had been compromised. Like many other victims, however, the compromise was limited to the customer and marketing data on that platform – no Dynatrace services or products were impacted.
“Moreover, Dynatrace does not use the case function in Salesforce and, as such, no case information was accessible as a result of the incident,” Dynatrace said.
“The potentially affected data is limited to business contact information, including first and last names of customer contacts and company identifiers. There has been no disruption to our operations.”
Dynatrace is now warning its customers to be wary of social engineering attacks or phishing messages.
Dynatrace joins hundreds of companies impacted by the compromise, including high-profile cyber security firms such as Palo Alto Networks and Zscaler.
Salesloft revealed this month that the threat actor behind the campaign had access to the company’s GitHub account between March and June this year, and was able to perform reconnaissance-related activity before successfully obtaining the OAuth tokens for many of Salesloft’s customers’ technology integrations.
These were then used to access those customers’ data.
As far as Salesloft is aware, the incident has now been contained; however, it and Mandiant continue to investigate the compromise.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
