Last updated: September 8, 2025
We want to make customers aware of a recent third-party security incident involving Salesloft’s Drift integration with Salesforce.
What Happened?
Salesloft disclosed that OAuth tokens authorized via their Drift integration were exposed. If your team authorized a Salesforce token through Salesloft Drift, that token may have been compromised. As a result, unauthorized actors may have accessed your Salesforce instance.
How This Relates to LeanData
LeanData itself was not compromised in this incident.
However, if your Salesforce org was accessed due to the Salesloft breach, it’s possible that the bad actors queried LeanData-managed objects within Salesforce. These could include configuration settings or log data related to Leads and Contacts.
Importantly:
- Any sensitive data (e.g. credentials) within these objects is encrypted and not usable.
- The information accessed is considered low risk.
- This breach does not impact LeanData’s integration with Salesloft.
- LeanData has conducted an internal review and found no vulnerabilities or unauthorized access within our platform.
Do I Need to Take Action?
Only if you use Salesloft Drift and have authorized a Salesforce token through it. In that case, as a precaution, we recommend:
- Reauthorizing your Salesforce token to invalidate any potentially exposed tokens.
- Contacting your internal Salesforce admin or security team to confirm if access was logged.
If you do not use Salesloft Drift, or have not authorized Salesforce through it, no action is needed.