
SolarWinds Advises on Security Incident Involving Salesloft Drift

Security breach reported by SolarWinds: Unauthorized data access occurred due to a security incident involving the integration of Salesloft Drift with Salesforce.


SolarWinds, a leading software company, has recently experienced a security incident involving its Salesloft Drift integration for Salesforce. The incident, which occurred in August 2025, saw attackers exploiting compromised OAuth tokens associated with the Salesloft Drift application to gain unauthorized access to multiple Salesforce customer environments.

The company swiftly launched an internal investigation to assess its own exposure to the vulnerability and is treating the matter with high priority. SolarWinds confirmed that its own systems were not impacted by the breach, as it does not utilize the Salesloft Drift integration. However, the incident underscores the importance of robust security measures for third-party integrations.

The primary goal of the threat actors, tracked as UNC6395, was the acquisition of sensitive credentials, such as access keys and passwords. The compromise of OAuth tokens is a potent threat, as these tokens can grant applications extensive permissions to access, modify, and exfiltrate data.

This event highlights the supply chain risks inherent in modern cloud-based software environments. Each integration adds a new layer to an organization's attack surface, making it crucial for organizations to conduct rigorous security vetting of all third-party applications and audit the permissions granted to these integrations regularly.

Enforcing the principle of least privilege and implementing robust monitoring for unusual data access patterns are essential measures to mitigate such risks. The incident also underscores the risks of third-party integrations, where a vulnerability in one application can create a pathway into a larger ecosystem.

SolarWinds continues to monitor the situation for any evolving threats and is treating the incident as a high-priority concern. The company has proactively reviewed its internal security protocols to prevent similar incidents in the future. Despite the breach, SolarWinds' systems and data remain secure.

Many organizations rely on a web of interconnected third-party applications to enhance the functionality of core platforms like Salesforce. It is crucial for these organizations to prioritize the security of these integrations to protect their data and maintain the trust of their customers.
