Dynatrace Confirms Data Breach: Hackers Accessed Customer Data From Salesforce

Dynatrace has confirmed it was impacted by a third-party data breach originating from the Salesloft Drift application, resulting in unauthorized access to customer business contact information stored in its Salesforce CRM.

The company confirmed that the incident was limited to its CRM platform and did not impact any core Dynatrace products, services, or sensitive customer environments.

The security incident originated in August 2025, when threat actors compromised Salesloft’s Drift application, a popular third-party tool used for customer engagement.

This compromise allowed the attackers to gain unauthorized access to the Salesforce environments of companies utilizing the app.

In response to the attack, Salesloft and Salesforce moved to disable the compromised connections and began notifying affected clients, which included the observability giant Dynatrace.

Dynatrace’s Response And Investigation

Upon receiving notification of the third-party breach, Dynatrace’s security team took immediate action by disabling the Drift application within its environment to sever the connection and prevent further unauthorized access.

The company launched a comprehensive investigation, bringing in third-party cybersecurity experts to determine the full scope of the incident.

The investigation confirmed that the malicious activity was limited exclusively to its Salesforce CRM instance, which the company uses for managing customer relationships and marketing activities.

Critically, Dynatrace clarified that none of its own products or services were compromised. This includes any systems that house customer data or services that directly interface with customer systems.

Furthermore, the company reported that it does not utilize the “case function” within Salesforce, meaning no customer support case information was accessible to the attackers.

Dynatrace assured stakeholders that the incident caused no disruption to its business operations. The data exposed in the breach is limited to business contact information. This includes the first and last names of customer contacts and their associated company identifiers.

No sensitive credentials, financial details, or other confidential information were accessed. After a period of investigation and remediation, Salesloft notified Dynatrace on September 7th that the secure connections had been re-enabled.

In light of the exposure of business contact information, Dynatrace has issued guidance to its customers, urging them to exercise increased caution against potential social engineering and phishing campaigns.

The company emphasized that its employees will never contact customers via phone or email to request passwords, multi-factor authentication (MFA) codes, or other sensitive credentials.

Customers are advised to be vigilant and verify that all communications and links originate from trusted Dynatrace domains.

Confirmed victims of this supply chain attack include:

• Palo Alto Networks: The cybersecurity firm confirmed the exposure of business contact information and internal sales data from its CRM platform.
• Zscaler: The cloud security company reported that customer information, including names, contact details, and some support case content, was accessed.
• Google: In addition to being an investigator, Google confirmed a “very small number” of its Workspace accounts were accessed through the compromised tokens.
• Cloudflare: Cloudflare has confirmed a data breach where a sophisticated threat actor accessed and stole customer data from the company’s Salesforce instance.
• PagerDuty has confirmed a security incident that resulted in unauthorized access to some of its data stored in Salesforce.
• Tenable has confirmed a data breach that exposed the contact details and support case information of some of its customers.
• Qualys has confirmed it was impacted by a widespread supply chain attack that targeted the Salesloft Drift marketing platform, resulting in unauthorized access to a portion of its Salesforce data.

Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.

The post Dynatrace Confirms Data Breach: Hackers Accessed Customer Data From Salesforce appeared first on Cyber Security News.