Salesloft’s Drift: The Supply Chain Attack Comedy of Errors Unfolds
Salesloft has announced that Drift will go temporarily offline due to a sweeping supply chain attack. The attack has led to the theft of authentication tokens, potentially affecting over 700 organizations. The company is working with cybersecurity experts to bolster system security, leaving the chatbot temporarily unavailable.

Hot Take:
Oh, Drift! Seems like someone forgot to drift-proof the boat and now we’re taking on water faster than a leaky canoe. Salesloft, in an unexpected plot twist, has decided to ground Drift for a quick ‘security spa day.’ In the meantime, their chatbots are going on an unplanned sabbatical. So if you’re waiting for Drift to return your calls, you might want to pack a lunch. Also, if you’re one of the 700 organizations clutching your OAuth tokens like they’re the last chocolate chip cookies at a bake sale, you might want to double-check your pantry. This is one spicy supply chain attack that’s got everyone saying ‘Oh ship!’

Key Points:
- Salesloft is temporarily taking Drift offline due to a supply chain attack targeting its marketing SaaS product.
- The attack involved the mass theft of authentication tokens and affected over 700 organizations.
- Salesloft is collaborating with cybersecurity giants Mandiant and Coalition to resolve the situation.
- Google’s Threat Intelligence Group and Mandiant revealed the attack, which exploited OAuth tokens linked to Drift.
- Salesforce has paused all integrations with Salesloft as a precautionary measure, affecting several businesses including Cloudflare.