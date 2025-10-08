Salesforce announced on Tuesday that it would not give in to demands from a group of hackers claiming to have stolen a large amount of data and threatening to publish it. According to an internal message cited by Bloomberg News, the company has "credible intelligence" indicating that the ShinyHunters group is preparing to release compromised data following an incident earlier this year. The attack did not directly target Salesforce but rather a third-party application, Drift, developed by SalesLoft Inc., used to automate customer communications within the platform.

The hack allegedly allowed the theft of data belonging to several organizations using Salesforce. The company confirmed that no breach had been detected on its own infrastructure and assured that it would not pay any ransom, while actively supporting the customers concerned. The compromised data mainly includes contact and technical support information, but in some cases, authentication tokens and system configuration elements were also exposed.

On August 19, SalesLoft advised users to regenerate their access tokens between Drift and Salesforce after a Google Threat Intelligence alert revealed a widespread data theft campaign targeting these integrations. Since then, Salesforce has disabled all connections with SalesLoft technologies. This decision aims to strengthen the security of its ecosystem as the proliferation of attacks via partner applications increasingly weakens large cloud platforms.