Summary of the Salesforce Vendor Breach (Late November 2025)
USUA keeps you in the loop on the top breaches happening across the globe.
1. How Everything Started
Back in August 2025, the attackers didn't go after Salesforce itself.
Instead, they went after Salesloft and its Drift chat app: outside tools that many companies connect to their Salesforce accounts.
Those integrations hold OAuth access tokens (basically digital "master passes") that let them connect to their customers' Salesforce accounts automatically, with no human logging in.
The attackers broke into the Salesloft/Drift environment and stole those tokens.
And once they had the tokens, they didn't need to break into Salesforce at all. The door was already open, and because the tokens belonged to a legitimate integration, the traffic looked normal.
2. Things Escalate
By late October 2025, the attackers had used those stolen tokens to go even further.
They got into systems inside Gainsight, another major platform that integrates deeply with Salesforce and holds its own tokens into customer orgs.
This turned the whole thing into a domino effect:
one hacked vendor → access to the next vendor → which opened up even more customer environments.
3. Salesforce Detects the Attack
On November 20th, Salesforce noticed something strange.
The Gainsight-published connected apps were suddenly pulling far more data than usual, a big red flag.
Salesforce investigated and traced the activity to those compromised third-party integrations rather than to any flaw in Salesforce itself.
To stop the attack, they:
- immediately revoked all of those apps' active access and refresh tokens,
- temporarily removed the affected apps from AppExchange,
- and notified every customer involved.
Early estimates put the number of impacted Salesforce customer environments at over 285.
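The signal Salesforce acted on was a connected app pulling far more data than its own history would predict. Below is an added example of that check, written for this summary and not code from Salesforce or any of the vendors mentioned. The log records, the app names ("crm-sync-app", "chat-widget-app") and the field layout are all constructed for illustration; real Salesforce Event Monitoring fields differ, so treat the record shape as an assumption.

```python
"""
Added example: flag a connected app whose daily data pull jumps far above
its own baseline. Events are constructed to look like API-access records
(day, connected_app, rows_returned); the app names are hypothetical.
"""
from collections import defaultdict
from datetime import date
from statistics import median

TODAY = date(2025, 11, 20)

# Constructed sample events. "chat-widget-app" is quiet for three days and
# then pulls 48,000 rows on the 20th, the pattern this check is meant to catch.
SAMPLE_EVENTS = [
    (date(2025, 11, 17), "crm-sync-app", 1200),
    (date(2025, 11, 17), "chat-widget-app", 300),
    (date(2025, 11, 18), "crm-sync-app", 1100),
    (date(2025, 11, 18), "chat-widget-app", 350),
    (date(2025, 11, 19), "crm-sync-app", 1300),
    (date(2025, 11, 19), "chat-widget-app", 280),
    (date(2025, 11, 20), "crm-sync-app", 1250),
    (date(2025, 11, 20), "chat-widget-app", 48000),
]

# Constructed edge case: an app seen for the first time today has no baseline.
NEW_APP_ONLY = [(TODAY, "new-app", 99999)]


def daily_volume(events):
    """Sum rows_returned per (connected_app, day)."""
    totals = defaultdict(int)
    for day, app, rows in events:
        totals[(app, day)] += rows
    return totals


def find_spikes(events, today, ratio=10.0, min_rows=5000):
    """Return {app: (rows_today, baseline)} for every app whose volume on
    `today` is more than `ratio` times the median of its earlier days AND
    above `min_rows`. The absolute floor stops a quiet app going from 1 row
    to 20 rows from paging anyone. Apps with no history are skipped here;
    a brand-new integration deserves its own onboarding review instead."""
    per_app = defaultdict(dict)
    for (app, day), rows in daily_volume(events).items():
        per_app[app][day] = rows

    spikes = {}
    for app, by_day in per_app.items():
        history = [rows for day, rows in by_day.items() if day < today]
        if not history:
            continue
        current = by_day.get(today, 0)
        baseline = median(history)
        if current >= min_rows and current > ratio * baseline:
            spikes[app] = (current, baseline)
    return spikes


if __name__ == "__main__":
    for app, (current, baseline) in find_spikes(SAMPLE_EVENTS, TODAY).items():
        print(f"ALERT {app}: {current} rows today vs baseline {baseline:.0f} "
              f"-> revoke its OAuth tokens and review what it touched")
```

The median rather than the mean keeps one earlier bad day from inflating the baseline, and the ratio-plus-floor pair is what makes the rule usable: either test alone produces noise on low-volume apps or misses slow growth on high-volume ones. In a real org you would feed this from exported event logs per connected app and feed the alert into token revocation, which is the step Salesforce took.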
4. The Bigger Lesson
So the whole chain looked like this:
Breach #1 → stolen tokens → those tokens used to enter System #2 → even broader access. What makes this incident so important is that Salesforce itself wasn't breached.
The real problem was too much trust in outside applications: apps that held broad, long-lived access to customer data. That is exactly what we at USUA keep reminding every client.
The takeaway is simple:
Limit what third-party apps can do (narrow OAuth scopes, short-lived tokens, no more objects than the integration actually needs), keep an eye on their behavior, and don't rely on trust alone.
This is exactly why USUA keeps pushing clients toward a Zero Trust model.