Cloudflare reported that the Salesloft/Drift breach allowed an external actor to access its Salesforce instance used for customer support and case management. The majority of exposed data consisted of customer contact information and basic support case details. Some support interactions may include configuration details and sensitive items such as access tokens. Cloudflare advised that any information shared through its support system, including logs, tokens, or passwords, should be considered compromised and recommended rotating those credentials. Cloudflare attributed the intrusion to a group it tracks as GRUB1 (aligned with Google's UNC6395) and rotated all security tokens as a precaution.
Because of this breach, someone outside Cloudflare got access to our Salesforce instance, which we use for customer support and internal customer case management, and some of the data it contains,
Most of this information is customer contact information and basic support case data, but some customer support interactions may reveal information about a customer's configuration and could contain sensitive information like access tokens,
Given that Salesforce support case data contains the contents of support tickets with Cloudflare, any information that a customer may have shared with Cloudflare in our support system - including logs, tokens or passwords - should be considered compromised, and we strongly urge you to rotate any credentials that you may have shared with us through this channel.
Collection
[
|
...
]