HackerOne Confirms Data Breach \u2013 Hackers Gained Unauthorized Access To Salesforce Instance
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
HackerOne has confirmed it was among the companies affected by a recent data breach that provided unauthorized access to its Salesforce instance. The access was gained through a compromise of the third-party application Drift, which Salesloft owns.<\/p>\n
The bug bounty<\/a> platform announced the security incident, aligning with its company value of \u201cDefault to Disclosure.\u201d According to the company, its security team was first notified of a potential compromise by Salesforce on Friday, August 22, 2025.<\/p>\n This was subsequently confirmed by Salesloft the following day, prompting HackerOne to activate its incident response protocols immediately.<\/p>\n The company is working in partnership with both Salesforce and Salesloft<\/a> to investigate the full scope and impact of the breach. This incident is part of a broader attack campaign that has impacted hundreds of companies.<\/p>\n As detailed in a report by Google\u2019s Mandiant, threat actors targeted Salesforce customer records by exploiting a vulnerability within the Drift marketing and sales application. <\/p>\n By compromising Drift, attackers were able to pivot and gain unauthorized access to connected Salesforce environments, allowing for the theft of sensitive customer and sales data. <\/p>\n HackerOne\u2019s confirmation places<\/a> it on a growing list of firms responding to this supply chain attack<\/a>. While the investigation remains ongoing, HackerOne stated that a subset of records within its Salesforce instance was accessed by the unauthorized parties.<\/p>\n However, the company expressed confidence that no customer vulnerability data was impacted or exposed during the incident. <\/p>\n This is attributed to the firm\u2019s strict internal policies and controls, which govern data segmentation, effectively siloing sensitive vulnerability information away from the compromised sales and marketing data in the Salesforce environment.<\/p>\n HackerOne is continuing to conduct a forensic analysis<\/a> on the specific records accessed to determine the exact nature of the exposed information.<\/p>\n The company has committed to communicating directly with any customers who are identified as being impacted by the breach. <\/p>\n This incident highlights the significant risks associated with third-party application integrations and the potential for supply chain attacks to bypass an organization\u2019s direct security defenses.<\/p>\n Find this Story Interesting! Follow us on Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>.<\/p>\n The post HackerOne Confirms Data Breach \u2013 Hackers Gained Unauthorized Access To Salesforce Instance<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nHackerOne Confirms Data Breach<\/strong><\/h2>\n