HackerOne has confirmed that its Salesforce instance was compromised after attackers gained unauthorized access through a vulnerability in the Drift application provided by Salesloft.
The security incident, first flagged by Salesforce on August 22 and corroborated by Salesloft on August 23, impacted a subset of records within HackerOne’s environment.
According to the company, strict segmentation controls prevented any exposure of sensitive customer vulnerability data.
Incident Discovery and Initial Response
Salesforce alerted HackerOne’s security team to a potential breach involving its Salesforce environment.
The following day, Salesloft confirmed that the Drift integration had been exploited, granting attackers entry to records stored in multiple Salesforce objects.
HackerOne’s incident response protocols were immediately activated.
The security team collaborated closely with Salesforce and Salesloft to contain the intrusion, isolate the compromised integration, and begin a comprehensive impact assessment.
Preliminary forensics indicate that attackers leveraged a previously unknown flaw in the Drift application’s authentication mechanism, enabling session hijacking and pivoting to adjacent data stores within the CRM.
Scope Assessment and Data Segmentation Safeguards
HackerOne’s internal controls for data segmentation ensured that only a limited set of non-sensitive records were exposed.
The compromised records included basic account metadata and contact information, but did not encompass proprietary code snippets, vulnerability reports, or customer security assessments.
“Due to our stringent policies governing data access layers and segmentation boundaries, we have no reason to suspect that any customer vulnerability data was exposed,” the company stated.
Security engineers have audited all existing integrations with third-party applications and have implemented additional verification checks on API access tokens and session lifetimes to mitigate the risk of similar attacks.
Forensic teams continue to analyze the full scope of accessed records and the attack vector’s specifics.
HackerOne has deployed enhanced logging and real-time monitoring across its Salesforce instance and related APIs.
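The two controls described above, tighter checks on integration tokens and session lifetimes and monitoring of API activity in the Salesforce instance, can be expressed as a small detection routine. The following is an added illustration written for this page; it is not code from HackerOne, Salesforce or Salesloft. The log shape, the integration name "chatbot-integration", the object allow-list, the hourly row threshold and the token-age limit are all constructed assumptions chosen to show how a connected app that suddenly reads out-of-scope objects, pulls unusual volumes or operates on a long-lived token would surface in monitoring.

```python
"""Flag anomalous third-party integration activity in Salesforce-style API logs.

Added example, not vendor code. The event layout below loosely mirrors an
API-usage log row (timestamp, connected app, object touched, rows returned,
token issue time); every value is constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed per-integration policy: which CRM objects each connected app may
# read, how many rows it normally pulls per hour, and how old its OAuth token
# may be before it should have been rotated. Anything outside is a finding.
INTEGRATION_POLICY = {
    "chatbot-integration": {
        "objects": {"Account", "Contact"},
        "max_rows_per_hour": 500,
        "max_token_age": timedelta(days=30),
    },
}

# Constructed sample events (hypothetical integration names and values).
SAMPLE_EVENTS = [
    {"ts": "2025-08-22T09:00:00Z", "client": "chatbot-integration", "object": "Account",
     "rows": 40, "token_issued": "2025-08-01T00:00:00Z"},
    {"ts": "2025-08-22T09:10:00Z", "client": "chatbot-integration", "object": "Contact",
     "rows": 60, "token_issued": "2025-08-01T00:00:00Z"},
    # Bulk read of an object this integration has no business touching.
    {"ts": "2025-08-22T09:20:00Z", "client": "chatbot-integration", "object": "Case",
     "rows": 900, "token_issued": "2025-08-01T00:00:00Z"},
    # Activity on a token far older than the policy's rotation window.
    {"ts": "2025-08-22T10:05:00Z", "client": "chatbot-integration", "object": "Account",
     "rows": 10, "token_issued": "2025-05-01T00:00:00Z"},
    # A connected app with no policy entry at all is itself a finding.
    {"ts": "2025-08-22T10:30:00Z", "client": "unknown-app", "object": "Opportunity",
     "rows": 5, "token_issued": "2025-08-20T00:00:00Z"},
]


def _parse(ts):
    """Parse the constructed UTC timestamp format used in SAMPLE_EVENTS."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect_anomalies(events, policy=INTEGRATION_POLICY):
    """Return (client, rule, detail) findings for every policy violation.

    Rules: unknown integration, object outside the app's allow-list, hourly
    row volume above baseline (reported once per hour bucket), and a token
    older than the permitted lifetime at the time it was used.
    """
    findings = []
    hourly_rows = defaultdict(int)   # (client, hour bucket) -> rows so far
    volume_flagged = set()           # buckets already reported
    for ev in events:
        client, ts = ev["client"], _parse(ev["ts"])
        rules = policy.get(client)
        if rules is None:
            findings.append((client, "unknown_integration", ev["object"]))
            continue
        if ev["object"] not in rules["objects"]:
            findings.append((client, "object_out_of_scope", ev["object"]))
        bucket = (client, ts.replace(minute=0, second=0))
        hourly_rows[bucket] += ev["rows"]
        if hourly_rows[bucket] > rules["max_rows_per_hour"] and bucket not in volume_flagged:
            volume_flagged.add(bucket)
            findings.append((client, "row_volume_exceeded", hourly_rows[bucket]))
        token_age = ts - _parse(ev["token_issued"])
        if token_age > rules["max_token_age"]:
            findings.append((client, "stale_token", token_age.days))
    return findings


def revocation_candidates(findings):
    """Connected apps whose tokens an incident responder would revoke first."""
    return sorted({client for client, _rule, _detail in findings})


if __name__ == "__main__":
    for finding in detect_anomalies(SAMPLE_EVENTS):
        print(finding)
    print("revoke:", revocation_candidates(detect_anomalies(SAMPLE_EVENTS)))
```

The allow-list check is the code-level counterpart of the segmentation the company credits with limiting exposure: an integration token scoped to a few objects should never appear in logs reading others, and when it does, the token is the first thing to revoke.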
Any customers whose records were involved will be notified directly, with guidance on reviewing their account information and updating any relevant credentials.
HackerOne has also engaged an independent cybersecurity firm to conduct a post-mortem review and to validate the efficacy of newly instituted security measures.
As part of its commitment to transparency and its company value of Default to Disclosure, HackerOne will publish a detailed incident report once the investigation concludes.
The company reaffirms that its primary focus remains on safeguarding customer data and maintaining the integrity of its vulnerability disclosure platform.
In the interim, all customers are encouraged to verify their Salesforce integration settings and to apply recommended security updates from Salesloft and Salesforce.