PagerDuty, a leader in digital operations management, has confirmed a security incident that resulted in unauthorized access to some of its data stored in Salesforce.
The company stated that no PagerDuty platform credentials were compromised and that the breach resulted from a vulnerability in a third-party application, Salesloft Drift.
The incident’s timeline began on August 20, 2025, when PagerDuty was first notified by Salesloft about a potential security issue related to its Drift application.
Three days later, on August 23rd, Salesloft confirmed that attackers had exploited a vulnerability in Drift’s OAuth integration with Salesforce. This “hijacked authorization process” allowed a threat actor to gain unauthorized access to PagerDuty’s Salesforce instance.
PagerDuty has emphasized that the breach was limited in scope. In a statement, the company confirmed, “We have not seen any indication that access to the PagerDuty platform or any other internal systems or resources beyond Salesforce may have occurred.”
The company immediately disabled Salesloft Drift’s access to its Salesforce data upon learning of the compromise and is conducting an ongoing investigation.
The data potentially exposed includes customer contact information such as names, phone numbers, and email addresses. While PagerDuty’s core services and credentials remain secure, the exposure of this contact information raises the risk of targeted phishing and social engineering attacks against its customers.
In light of this potential exposure, PagerDuty is advising all customers to exercise extra vigilance. “PagerDuty will never contact anyone by phone to request a password or any other secure details,” the company warned. “All official communication from PagerDuty comes through our trusted support channels.”
This security event is part of a wider issue affecting customers of the Salesloft Drift application. Background information and technical details on the vulnerability have been published by Salesloft on its trust center, as well as by Salesforce and Google’s Threat Intelligence Group, which has been tracking the activity.
The incident highlights the complex security challenges companies face when integrating third-party applications into their core systems.
On August 27th, Salesloft issued further recommendations for Drift customers who manage their own connections to third-party applications, signaling the ongoing efforts to contain the vulnerability’s impact across the industry.
PagerDuty has assured its customers that it is treating the matter with the utmost seriousness and is working diligently to understand the full scope of the incident.
The company continues to monitor the situation closely and is committed to providing updates as its investigation progresses. Customers are urged to be cautious of unsolicited communications and to report any suspicious activity.
Confirmed victims of this supply chain attack include:
- Palo Alto Networks: The cybersecurity firm confirmed the exposure of business contact information and internal sales data from its CRM platform.
- Zscaler: The cloud security company reported that customer information, including names, contact details, and some support case content, was accessed.
- Google: In addition to being an investigator, Google confirmed a “very small number” of its Workspace accounts were accessed through the compromised tokens.
- Cloudflare: Cloudflare has confirmed a data breach where a sophisticated threat actor accessed and stole customer data from the company’s Salesforce instance.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
The post PagerDuty Confirms Data Breach After Third-Party App Vulnerability Exposes Salesforce Data appeared first on Cyber Security News.
