PagerDuty has confirmed that it skilled an information breach following a compromise of its Salesforce account.
The corporate was first alerted to the difficulty by Salesloft on August 20, 2025, when Salesloft notified PagerDuty of a safety drawback within the Drift utility.
A number of days later, on August 23, Salesloft revealed that attackers had exploited a vulnerability in Drift’s OAuth integration circulate with Salesforce.
By way of this hijacked authorization course of, a risk actor might have gained unauthorized entry to PagerDuty’s Salesforce account. Importantly, no PagerDuty credentials—akin to usernames or passwords—had been uncovered throughout this incident.
On August 27, Salesloft beneficial further steps for patrons who handle their very own Drift connections to third-party purposes.
PagerDuty has since disabled Salesloft Drift’s entry to its Salesforce information whereas the corporate continues to research the incident.
Right now, PagerDuty has discovered no proof that the attacker accessed the PagerDuty platform, inner techniques, or any assets past Salesforce.
Nonetheless, as a result of names, cellphone numbers, and e-mail addresses saved in Salesforce might have been uncovered, PagerDuty encourages all prospects and contacts to stay vigilant.
In mild of the potential publicity, PagerDuty warns of elevated threat of phishing and social engineering assaults.
The corporate stresses that it’s going to by no means name prospects to request a password or different safe particulars. All official communications from PagerDuty come solely by means of acknowledged assist channels.
The background and technical particulars of the safety problem have been shared by Salesloft, Salesforce, and the Google Menace Intelligence Group.
PagerDuty is carefully following steerage from these sources and can take any additional steps wanted to guard buyer information.
The corporate pledges to maintain prospects knowledgeable of any new developments and to offer clear steerage because the investigation progresses.
PagerDuty stays dedicated to the safety and privateness of its prospects. The corporate is reviewing its safety controls and dealing with Salesloft to strengthen the OAuth integration course of.
PagerDuty will proceed to share updates and proposals as they grow to be out there.
For extra info on the Salesloft Drift safety replace, please go to the Salesloft Belief web site, the Salesforce standing web page, or the Google Cloud weblog put up from the Menace Intelligence Group.
PagerDuty thanks its prospects for his or her understanding and cooperation as the corporate works to resolve this problem and safeguard buyer information.
Discover this Story Fascinating! Observe us on LinkedIn and X to Get Extra Instantaneous Updates.
