A recent supply-chain attack has exposed Salesforce CRM data from hundreds of global organisations—including Cloudflare, Zscaler, Palo Alto Networks, PagerDuty, and TransUnion—via a compromised chatbot integration called Drift. In this blog, we unpack how the breach unfolded, what types of data were accessed, and why even indirect exposure can lead to serious phishing risks. We also share practical steps your organisation can take to stay protected, and highlight how vendors are responding to strengthen third-party security. If your business relies on Salesforce or any of the affected vendors, this is essential reading.
