Dynatrace has confirmed that customer data stored in its Salesforce environment was compromised following a cyberattack targeting Salesloft’s Drift application.
The incident granted unauthorized access to Salesforce CRM data across multiple organizations, prompting immediate response measures from both Salesloft and Salesforce to disable compromised integrations and notify affected customers.
The breach originated from attackers exploiting the Drift communication and sales engagement platform, which maintained connections to various Salesforce instances.
Through these compromised integrations, cybercriminals gained partial access to CRM databases containing business contact information and customer relationship data.
Dynatrace was among the companies affected, though the monitoring and observability provider emphasized that the incident was strictly confined to its Salesforce business operations systems.
According to Dynatrace’s official response, no core products, services, or systems containing sensitive customer usage data were impacted during the breach.
The company’s entire platform ecosystem, including its monitoring and observability services, continued operating without interruption throughout the incident investigation.
This isolation prevented attackers from accessing critical operational data or customer performance metrics that form the foundation of Dynatrace’s service offerings.
The scope of compromised data was limited to basic business contact details stored within Salesforce, including customer representative names and company identifiers.
Notably, Dynatrace confirmed that no customer support cases or related technical details were exposed since the company does not utilize Salesforce’s case management functionality.
This architectural decision significantly reduced the potential impact by keeping sensitive support communications separate from the compromised environment.
Immediate Response and Remediation Efforts
Upon detecting suspicious activity linked to the Drift integration, Dynatrace immediately disabled the connection within its Salesforce environment and initiated a comprehensive internal investigation.
The company collaborated with external cybersecurity experts to assess the full scope of the breach and implement additional protective measures.
Salesloft and Salesforce worked in parallel to restore secure connections, completing remediation efforts by September 7, 2025.
Dynatrace’s security team continues monitoring for any ongoing suspicious activity that could be connected to the incident.
The company has found no evidence suggesting that other environments or operational systems were compromised beyond the isolated Salesforce integration.
This containment demonstrates the effectiveness of proper system segmentation in limiting breach impact across enterprise environments.
Given the exposure of business contact information, Dynatrace is advising customers to remain vigilant against potential phishing and social engineering attempts that could leverage the compromised data.
The company emphasizes that it will never request login credentials, authentication codes, or sensitive information through unsolicited communications.
Customers should verify that all communications originate from official Dynatrace domains and contact the company directly through established support channels when uncertain about message authenticity.
The company reaffirmed its commitment to data protection, stating that safeguarding customer privacy remains fundamental to its operations despite this third-party compromise affecting its business systems.
Find this Story Interesting! Follow us on Google News, LinkedIn and X to Get More Instant Updates
%20(1).webp?resize=1600,900&ssl=1&description=The breach originated from attackers exploiting the Drift communication and sales engagement platform, which maintained connections to various Salesforce instances.){kind=link}