Security Advisory — September 2025 Breach  ·  Updated April 2026

700+ orgs had Salesforce data exfiltrated.
Security shouldn't be an afterthought.

In August 2025, a breach through Salesloft/Drift exposed Salesforce data from 700+ organizations. FINRA issued a cybersecurity alert. Salesforce removed Drift from AppExchange. Velaro has never had a data incident.

700+ orgs breached
Sept 2025: FINRA alert issued
0 Velaro data incidents

Salesloft / Drift: Sept 2025 breach, 700+ orgs affected. OAuth tokens stolen, Salesforce Bulk API used to exfiltrate data. FINRA alert issued.
Velaro: SOC 2 certified, no breach history.

What Happened

The 2025 Drift/Salesloft Breach - By the Numbers

This is not speculation. It's documented by Mandiant (Google Cloud), FINRA, Cloudflare, and a dedicated breach tracker at driftbreach.com.

700+ customer organizations had Salesforce data accessed without authorization
40+ named victims confirmed publicly, including Cloudflare, Palo Alto Networks, Zscaler, Workday, and PagerDuty
104 API tokens exposed in Cloudflare's stolen support case data alone

Breach Timeline

March–June 2025
Threat actor group UNC6395 / GRUB1 compromised Salesloft's GitHub account and maintained persistent access for months without detection.
Source: Google Cloud / Mandiant

August 8–18, 2025
Attackers pivoted into Drift's AWS environment and stole OAuth tokens from customer Salesforce integrations. Using these tokens, they bypassed MFA and exfiltrated data from 700+ customer Salesforce orgs using Salesforce Bulk API 2.0. Attack records were deleted to cover tracks.
Source: Google Cloud / Mandiant, UpGuard

August 20, 2025
Salesforce removed Drift from its AppExchange marketplace pending investigation.
Source: Multiple

September 2025
FINRA issued a formal cybersecurity alert to all member firms. Cloudflare published a full incident response report disclosing 104 API tokens in stolen data. Organizations were instructed to immediately disconnect all Salesloft/Drift integrations and rotate all credentials.
Source: FINRA, Cloudflare Blog

Confirmed affected organizations include

Cloudflare, Palo Alto Networks, Zscaler, Proofpoint, PagerDuty, Workday, Toast, Fastly, HackerOne, Nutanix, BeyondTrust, Avalara (700+ total)

Security that doesn't make headlines.

The Drift breach happened because of stolen OAuth tokens from a vendor's cloud environment. Here's how Velaro is built differently - and what that means for your data.

SOC 2 Compliance
Velaro's security controls are audited against SOC 2 Trust Service Criteria. Documentation available under NDA. Your infosec team has seen this process before - we make it easy.

Full Audit Logs
Every action in your Velaro workspace is logged with user, timestamp, and IP. If something happens, you'll know exactly what, when, and by whom - not weeks later.

Role-Based Access Controls
Granular permissions per agent, team, and channel. Admins control exactly what each user can see and do. Least-privilege access by default.

SSO / SAML
Integrate with your existing identity provider - Okta, Azure AD, Google Workspace. Single sign-on means one less set of credentials to manage and one less attack surface.

Encryption at Rest & In Transit
AES-256 encryption at rest. TLS 1.3 in transit. Hosted on Azure with geographic data residency options. No credential storage in conversation data.

Security Review Ready
Pen test results, GDPR DPA, sub-processor list, and vulnerability disclosure documentation - all available within 24 hours under NDA for your security review team.

Drift vs. Velaro on security

Security Criteria | Drift / Salesloft | Velaro
OAuth token supply-chain exposure | Confirmed - 700+ orgs affected | Not applicable
Salesforce AppExchange status | Removed Aug 2025 | Active
FINRA cybersecurity alert issued | Yes - Sep 2025 | No alert
SOC 2 audit compliance | - | In progress - docs available
Full audit logs | - | All actions logged
Role-based access controls | - | Granular RBAC
SSO / SAML | - | Okta, Azure AD, Google
Security review documentation | - | Within 24hrs under NDA
GDPR Data Processing Agreement | - | Available

What Drift customers experienced

These are documented incidents from the breach, reported by affected organizations.

Cloudflare Blog - Sep 2, 2025
"Case subject lines, body text, and customer contact information [were] stolen... 104 Cloudflare API tokens were found in the exposed data."
Cloudflare, Inc. - Official incident disclosure

FINRA - September 2025
FINRA issued a formal cybersecurity alert to all member firms following the Salesloft/Drift supply-chain attack, advising firms to assess exposure and disconnect affected integrations.
Financial Industry Regulatory Authority - FINRA.org

WTW - September 2025
"The Drift OAuth Breach: A Cybersecurity Wake-Up Call" - the incident highlights risks from third-party OAuth integrations that can be exploited without any action from the end customer.
Willis Towers Watson - wtwco.com

ProcessUnity - 2025
"Lessons from the Drift/Salesloft Breach: A Wake-Up Call for Third-Party Risk Management" - organizations must evaluate vendor security posture, not just their own.
ProcessUnity - Third-Party Risk Management platform

Frequently Asked Questions

What happened to Drift?

Drift was acquired by Salesloft in 2024 and rebranded as part of the Salesloft platform. In August 2025, a security breach through the Salesloft/Drift OAuth integration exposed Salesforce data from over 700 organizations. FINRA and other regulatory bodies issued formal alerts. Many enterprise teams began evaluating alternatives immediately following the incident.

What is the best Drift alternative in 2026?

Velaro is the leading Drift alternative for teams that require enterprise security without a per-resolution billing model. With 26 years of operation and zero data incidents, Velaro offers SOC 2 compliance, SSO, audit logs, and HIPAA/PCI options - without the supply-chain risk that came with the Drift/Salesloft architecture.

Is Velaro a good replacement for Drift?

Yes. Velaro covers all core Drift capabilities - live chat, AI bot automation, meeting scheduling, proactive engagement, and CRM integration - while adding enterprise security controls that Drift/Salesloft lacked. Teams migrating from Drift typically go live within 2–3 weeks.

How does Velaro compare to Drift/Salesloft?

Drift was optimized for B2B pipeline and meeting booking. Velaro is built for teams that need both sales and support conversations at scale, with a flat conversation-based pricing model instead of per-seat fees. Velaro also offers native data integrations, HIPAA-eligible hosting, and a security posture documented through independent audits.

Did Drift have a security breach?

Yes. In August 2025, attackers exploited the OAuth integration between Salesloft (Drift's parent company) and Salesforce, exfiltrating data from 700+ organizations. FINRA issued a formal cybersecurity alert. WTW and ProcessUnity published post-incident analyses. The breach was a supply-chain attack, meaning end customers were affected without any action on their part.

We're not in the business of making security headlines.

Velaro is built for teams that need enterprise-grade security without the enterprise runaround. SOC 2, audit logs, SSO, and a security team that actually responds.