Salesloft’s Drift Integration Security Incident Impacting Some PagerDuty Salesforce Data

Per our recent post , we were notified in late August that PagerDuty (and our customers) were affected by the Salesloft-Drift breach. We shared what we knew at the time. Our investigation is ongoing - please consider the following to represent the current state of our findings from our ongoing efforts.

What Happened
On August 20, 2025 we were notified by Salesloft, a third-party vendor, of a potential security issue in Salesloft's Drift application. On August 23, Salesloft informed us that its Drift OAuth i ntegration flow with Salesforce had been compromised, exposing some PagerDuty customer support and case management data. As Salesloft shared , a threat actor used OAuth credentials to exfiltrate data from Salesloft's customers' Salesforce instances. As a result, that threat actor gained access to data in our Salesforce instance. We have no evidence of unauthorized access to the PagerDuty platform at this time.

What Data Was Exposed
The accessed instance of Salesforce is what we use for customer support and internal customer case management. Most of this information is customer contact information, which may include names, phone numbers, and email addresses, as well as support case data. For some customers, the information also contained even more sensitive information like API access tokens or other sensitive data that a customer may have shared with PagerDuty.

Remediation for Customers
We have reviewed the affected support case data and identified a limited number of instances where customers had shared their PagerDuty-issued API keys with us.

Out of an abundance of caution, PagerDuty has reached out to that small cohort of customers and proactively revoked the PagerDuty API keys identified in those support cases. Our support team has been in touch with those customers whose API keys were identified and revoked .

While the set of customers with affected API keys is extremely limited at this point , we strongly recommend that all of our customers rotate your API keys and/or credentials as a best practice.

Given that some of the potentially exposed information includes names, phone numbers and email addresses, we also recommend extra vigilance with respect to potential phishing and social engineering attacks. PagerDuty will never request a password or any other secure details. All official communication from PagerDuty comes through our trusted support channels.

What PagerDuty Is Doing
Our investigation is ongoing and we continue to work with our partners to ensure our review is thorough and comprehensive. In addition to the ongoing investigation outlined above to identify the impact of this security incident on our customers, we deactivated the integration between Salesforce and Drift, disabled all additional third-party integrations to Drift, and we are actively engaging with our third-party security partners to evaluate ways to better secure third-party integrations.

Our Commitment
While this incident originated from a third-party service, we understand that the tools we choose and grant access to are ultimately our responsibility, and we sincerely apologize for the impact this incident may have had on our customers. We recognize that whether an incident occurs on our platform or via our vendors' tools, any impact to our customers is ultimately a reflection on us, and we are very sorry for the consequent distractions our customers might be facing.

Please contact [email protected] with any questions or concerns.