Salesloft experienced a cybersecurity breach between August 8 and August 18, 2025, in which hackers exploited its Drift AI chat agent integration to steal OAuth tokens. These tokens were then used to access and exfiltrate data from numerous Salesforce customer environments. The attackers targeted not only marketing chat data but also sensitive credentials, including AWS access keys and Snowflake tokens. Google’s Threat Intelligence Group identified this as part of a widespread data theft campaign compromising hundreds of Salesforce customers over the 10-day period. The hacking group UNC6395 has been linked to the OAuth token theft. Additionally, a separate cyberattack attributed to the group Storm-0501 targeted Microsoft Azure, stealing data and demanding payment via Microsoft Teams. The Salesforce breach highlights risks associated with third-party applications integrated into enterprise platforms.
Google Threat Intelligence Group warned about a “widespread data theft campaign” that compromised hundreds of Salesforce customers over a 10-day span earlier this month. https://t.co/xoLdGzukHO https://t.co/DXieT1Rpim
Google: Salesforce Attacks Stemmed From Third-Party App: https://t.co/vHRvfI0LZn by darkreading
Salesloft breach compromises ‘numerous’ Salesforce environments https://t.co/Gxkt2VHISd