The Salesloft Drift Breach: When a Chatbot's OAuth Token Owns Your Salesforce
In August 2025, attackers stole OAuth tokens from a marketing chatbot integration and walked into the Salesforce environments of 700+ companies — Cloudflare, Google, Zscaler and more. The non-human identity reckoning has arrived.
If you want a single case study for why non-human identity is the defining identity problem of this decade, the Salesloft Drift breach is it. Over roughly a week in August 2025, the group tracked as UNC6395 used stolen OAuth tokens belonging to the Drift chatbot's Salesforce integration to systematically export data from more than 700 organisations — including Cloudflare, Google, PagerDuty, Palo Alto Networks, Proofpoint and Zscaler. No employee was phished. No password was cracked. The attackers simply presented valid tokens that the victim organisations had themselves authorised, and Salesforce did exactly what it was told.
How a marketing tool became a master key
The chain is a masterclass in supply-chain identity risk. Investigators traced ground zero to a compromise of Salesloft's GitHub account between March and June 2025 — the attackers downloaded repositories, added a guest user, and established workflows. From there they pivoted into Drift's AWS environment and stole the OAuth tokens that Drift's customers had granted to connect the chatbot to their Salesforce instances. Those tokens were the prize. Each one was a pre-authorised, long-lived, non-human credential with standing access to a customer's CRM.
With the tokens in hand, UNC6395 queried Salesforce through its own APIs — automated SOQL queries, bulk exports, custom user-agents — and combed the exfiltrated records for secrets: plaintext AWS keys, VPN credentials, Snowflake tokens. In other words, the first breach was a machine to harvest the credentials for the next breach. One compromised integration became a credential-mining operation across hundreds of enterprises.
The identity failures hiding in plain sight
Every property that made this devastating is a property we tolerate in non-human identities every day:
- The token was long-lived. OAuth tokens for integrations are routinely issued once and left valid indefinitely, because rotating them risks breaking the integration. A credential that never expires is a credential an attacker can use at leisure.
- The token was over-scoped. Many Drift-to-Salesforce grants carried far broader read access than a chatbot needs. Least privilege is something we enforce on humans and forget entirely on integrations.
- The token was unmonitored. A human exporting your entire Salesforce org at 3am would trip something. A pre-authorised integration doing the same looked like business as usual.
- Nobody owned it. Ask who, in any of those 700 organisations, was accountable for that specific OAuth grant — when it was issued, what it could access, when it was last reviewed. The honest answer, almost everywhere, is no one.
We have built mature lifecycle governance for human identities and almost none for the machine identities that now vastly outnumber them. Salesloft Drift is what happens when the ungoverned population is also the privileged one.
What this demands of identity teams
This breach should permanently change how we treat third-party integrations and OAuth grants:
- Inventory every OAuth grant and integration token as a privileged identity. If you cannot produce a list of every third-party app connected to your crown-jewel SaaS — Salesforce, Microsoft 365, Snowflake, your code repos — and what each can access, that is your first project.
- Scope ruthlessly and expire by default. Grant integrations the minimum access they need, and prefer short-lived, refreshable tokens over standing ones. The fear of breaking an integration is exactly the fear attackers count on.
- Monitor non-human behaviour. Baseline what an integration normally does and alert on deviation — a chatbot connector suddenly performing bulk exports is precisely the signal that should have screamed.
- Assign an owner to every grant, and review them. Integrations need joiner-mover-leaver discipline too. When the business stops using a SaaS tool, someone must revoke its tokens — they do not expire on their own.
- Assume your secrets are in the data. The attackers mined exported records for embedded credentials. Stop storing secrets in CRM fields, support tickets, and free-text notes — and rotate anything that may have been exposed.
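One way to implement the baselining described above, as an added example that is not part of the original post: a small Python detector that learns what each connected app normally does and flags a new operation type, a new user-agent, or a volume spike. The record fields (`app`, `op`, `rows`, `ua`) and the app names are assumptions modelled loosely on what a Salesforce API event log exposes; all records are constructed, not real telemetry.

```python
"""Baseline-and-deviation detector for connected-app (OAuth integration) activity.

Hypothetical field names modelled loosely on Salesforce API event logs;
every record below is constructed sample data, not real telemetry.
"""
from collections import defaultdict
from statistics import mean

# Constructed historical window: what the chatbot integration normally does.
BASELINE = [
    {"app": "drift-connector", "op": "Query", "rows": 12, "ua": "Drift/2.1"},
    {"app": "drift-connector", "op": "Query", "rows": 8, "ua": "Drift/2.1"},
    {"app": "drift-connector", "op": "Query", "rows": 15, "ua": "Drift/2.1"},
    {"app": "billing-sync", "op": "BulkApiJob", "rows": 50000, "ua": "BillingSync/4"},
]

# Constructed current window to evaluate against the learned profiles.
CURRENT = [
    {"app": "drift-connector", "op": "Query", "rows": 10, "ua": "Drift/2.1"},
    {"app": "drift-connector", "op": "BulkApiJob", "rows": 250000, "ua": "python-requests/2.32"},
    {"app": "billing-sync", "op": "BulkApiJob", "rows": 48000, "ua": "BillingSync/4"},
]


def build_profile(events):
    """Per connected app: mean rows per call, operation types seen, user-agents seen."""
    rows, ops, uas = defaultdict(list), defaultdict(set), defaultdict(set)
    for e in events:
        rows[e["app"]].append(e["rows"])
        ops[e["app"]].add(e["op"])
        uas[e["app"]].add(e["ua"])
    return {app: {"mean_rows": mean(rows[app]), "ops": ops[app], "uas": uas[app]} for app in rows}


def detect(baseline, current, volume_factor=10):
    """Return one alert string per deviation from the app's learned profile."""
    profile = build_profile(baseline)
    alerts = []
    for e in current:
        p = profile.get(e["app"])
        if p is None:  # an app with no history is an ungoverned grant in itself
            alerts.append(f"{e['app']}: unknown connected app")
            continue
        if e["op"] not in p["ops"]:
            alerts.append(f"{e['app']}: new operation {e['op']}")
        if e["ua"] not in p["uas"]:
            alerts.append(f"{e['app']}: new user-agent {e['ua']}")
        if e["rows"] > volume_factor * p["mean_rows"]:
            alerts.append(f"{e['app']}: {e['rows']} rows vs baseline mean {p['mean_rows']:.0f}")
    return alerts


if __name__ == "__main__":
    for alert in detect(BASELINE, CURRENT):
        print("ALERT", alert)
```

The user-agent check is corroborating only, since that header is chosen by the client; the operation-type and volume deviations are the signals worth paging on.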
The takeaway
Salesloft Drift was not a Salesforce vulnerability or a customer misconfiguration in the traditional sense. It was the predictable consequence of treating machine identities as plumbing rather than as privileged access. The integrations we connect with two clicks and never think about again are, collectively, one of the largest and least-governed privilege grants in the enterprise. The organisations that come through the next one of these unscathed will be those that started governing non-human identity with the same seriousness as human identity — before, not after, their tokens turned up in someone else's exfiltration script.