
The Salesloft Breach Fallout and Supply Chain Threat

How did such a high-profile breach happen and what can CISOs do to avoid this type of attack?


In August 2025, sales automation platform Salesloft issued an alert that it had detected a “security issue” in Drift, the company’s AI chatbot used by numerous corporate websites.

From August 8 to August 18, 2025, a threat actor used OAuth credentials to exfiltrate data from customers’ Salesforce instances, Salesloft said. This data included sensitive information relating to accounts and users.

Over the following days, companies began to discover they had become part of the fallout. Known victims include Cloudflare, Zscaler, Palo Alto Networks and Google, with the total number of impacted organisations thought to be as high as 700.

In late August, researchers at the Google Threat Intelligence Group (GTIG) confirmed adversaries had used compromised OAuth tokens for the "Drift Email" integration to access email from “a very small number” of Google Workspace accounts.

In addition, Google warned that “the scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations”.

“We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised,” the GTIG said in an update to its blog.

So, how did such a high-profile breach happen and what can CISOs do to avoid this type of attack?

Salesloft Attackers Could Bypass Authentication

The technique used by the Salesloft attackers, token theft, is significant because unlike stolen passwords, tokens are designed to bypass multi-factor authentication (MFA), says Rob Demain, CEO of e2e-assure.

“Once stolen, they allow attackers to operate invisibly within application programming interfaces (APIs), escalating privileges and blending into legitimate traffic.”

Adding to this, the breach was “a sophisticated attack” carried out by highly skilled adversaries, says Demain. “By the time the threat actor was detected, they were deep in a business’s IT systems, making them very difficult to remove.”

Attackers stole the digital keys the Drift chat tool uses to talk to companies with Salesforce accounts. The keys effectively allowed them to “quietly open the doors to the customers’ data and copy the information”, says Ngaire Guzzetti, technical director supply chain at cybersecurity consultancy CyXcel.

If the keys had been set to expire more quickly, it would have “significantly reduced” Drift's access availability, says Guzzetti. “The tool seemingly had access to areas it didn’t need to. If it had been restricted to only where it was truly necessary, this could have reduced the impact.”

The breach shows OAuth tokens are “a powerful credential if stolen”, adds Sam Peters, chief product officer at IO, formerly ISMS.online.

Following the guidance of international security standards such as ISO 27001 could have helped to mitigate the damage caused by the Salesloft Drift breach, says Peters. For example, stronger access control policies and least privilege principles would have limited the scope of OAuth tokens and reduced potential damage if they were compromised. “Similarly, secure authentication practices, including monitoring for unusual token activity, could have flagged the attack earlier.”

Supply Chain Threats

The Salesloft breach shows how the threat posed by the software supply chain is real and growing.

Peters cites IO’s State of Information Security report, which suggests it's likely many firms aren’t doing enough to tackle software supply chain threats.

The report revealed that 41% of organisations find managing third-party risk and compliance a challenge. Concerningly, it also found 61% of organisations experienced a security incident caused by a vendor in the past year, including issues such as data breaches, financial loss and operational disruption.

While awareness is on the rise, the majority of organisations still perceive due diligence as a “one-off pre-engagement activity”, rather than “an ongoing continuous threat”, says Guzzetti.

The reality is that most organisations have “very little visibility” into “how software-as-a-service (SaaS) apps are chained together, and how users and data move between them,” says Hasan Imam, CEO of Obsidian Security. “They rarely see when attackers exploit compromised OAuth tokens and API keys to hijack these environments.”

Traditional security tools are built to harden endpoints and human identities, but SaaS integrations “slip past those controls”, says Imam. “They aren’t inspected by identity providers or by network proxies, which means they bypass the session-based checks that zero trust enforces on humans. Attackers know this, and they’re taking advantage of it.”

However, regulation such as the Digital Operational Resilience Act (DORA), the Network and Information Security Directive 2 (NIS2) and the UK’s Cyber Security and Resilience Bill is raising the bar, by placing “direct responsibility” on organisations for third-party security, says Peters.

Future Supply Chain Attacks

As the threat from the supply chain grows and AI chat agents are integrated into an increasing number of services, companies need to be on alert.

One of the issues with the technology is the way it expands the attack surface, according to Guzzetti. “AI features constantly pull data from multiple sources. This provides more opportunities for threat actors, who are already using AI to write better phishing lures, automate reconnaissance and draft malicious code.”

However, Demain points out that legislation such as the Cyber Security and Resilience Bill is preparing for this risk. “SaaS organisations integrating AI into their platforms will be held more accountable, forcing them to take AI security more seriously.”

How To Counter The Threat 

Experts agree that all firms must focus their efforts on managing third party risk to avoid becoming part of the fallout from breaches such as the Salesloft incident.

Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster University, advises security leaders to “take a multi-layered approach to security, covering people, processes and technology”.

This starts with re-evaluating the vendor selection process to make sure all partners are following a recognised standard, Curran says.

Meanwhile, security requirements and breach reporting obligations should be written clearly in contracts and service level agreements (SLAs) from the outset, Curran adds.

Once relationships are in place, tighter access controls are needed, he says. He recommends a “zero trust model” to ensure third parties “only have access to the data and systems they genuinely need”.

MFA should also be enforced across all third-party connections, he adds.

At the same time, network segmentation is an important safeguard, adding an extra layer of protection by isolating critical systems such as customer databases, says Curran.

As third party breaches impacting the software supply chain continue to rise, security leaders should act quickly. The Salesloft breach is a reminder that securing SaaS can’t be an afterthought, says Imam.

“This risk will only grow as AI agents are wired into critical SaaS applications with sweeping access,” he warns. “These agents are powerful and convenient, but if they are hijacked they can pull data, trigger workflows and act autonomously without setting off the usual alarms, causing widespread damage before anyone notices.”


Kate O'Flaherty, cybersecurity and privacy journalist
