The bug bounty platform announced the security incident, aligning with its company value of “Default to Disclosure.” According to the company, its security team was first notified of a potential compromise by Salesforce on Friday, August 22, 2025.
This was subsequently confirmed by Salesloft the following day, prompting HackerOne to activate its incident response protocols immediately.
The company is working in partnership with both Salesforce and Salesloft to investigate the full scope and impact of the breach. This incident is part of a broader attack campaign that has impacted hundreds of companies.
As detailed in a report by Google’s Mandiant, threat actors targeted Salesforce customer records by exploiting a vulnerability within the Drift marketing and sales application.
By compromising Drift, attackers were able to pivot and gain unauthorized access to connected Salesforce environments, allowing for the theft of sensitive customer and sales data.
HackerOne’s confirmation places it on a growing list of firms responding to this supply chain attack. While the investigation remains ongoing, HackerOne stated that a subset of records within its Salesforce instance was accessed by the unauthorized parties.
However, the company expressed confidence that no customer vulnerability data was impacted or exposed during the incident.
This is attributed to the firm’s strict internal policies and controls, which govern data segmentation, effectively siloing sensitive vulnerability information away from the compromised sales and marketing data in the Salesforce environment.
HackerOne is continuing to conduct a forensic analysis on the specific records accessed to determine the exact nature of the exposed information.
The company has committed to communicating directly with any customers who are identified as being impacted by the breach.
This incident highlights the significant risks associated with third-party application integrations and the potential for supply chain attacks to bypass an organization’s direct security defenses.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
The post HackerOne Confirms Data Breach – Hackers Gained Unauthorized Access To Salesforce Instance appeared first on Cyber Security News.
Tired of the same old black brick of a power bank that litters the marketplace?…
Kunce's appointment follows the resignation of the city's previous choice, Scott Fisher, who left the…
USB Type-C has become the standard for charging and data cables alike, so it's good…
Best Buy is offering an excellent deal on a gaming PC that can comfortably run…
National Weather Service will be presenting a new seminar series later this month, focusing on…
The Rockford Fire Department says an afternoon house fire left a dog dead and displaced…
This website uses cookies.