← Back to Newsroom

Customer Security Notification: Salesloft Drift Incident

Salesloft recently disclosed a security incident involving its Drift application. The incident resulted in unauthorized access affecting several Salesforce customers, including Whatfix.

The breach involved the theft of OAuth tokens connected to Salesloft Drift, a third-party application that automates sales workflows and integrates with Salesforce databases to manage leads and contact information.

Impact on Whatfix

This incident was limited to Whatfix’s Salesforce instance. It did not affect any Whatfix products, services, core systems, or infrastructure that deliver value to our customers.

The compromised data and information that may be affected include all CRM related content, including:

  • Name
  • Job Title
  • Business email address
  • Phone number
  • Business address
  • Region and/or location details
  • Account notes, such as observations, communication summaries (including emails and meetings), and any shared credentials.
  • Whatfix licensing and commercial information

Actions Taken by Whatfix

Containment (Immediate Measures)

  • OAuth Token Revocation: Revoked all Drift OAuth tokens across our Salesforce environment.
  • Application Removal: Fully removed the Drift application from our Salesforce instance.
  • Access Monitoring: Implemented enhanced real-time monitoring for all connected applications.

Prevention (Ongoing Measures)

  • Forensic Analysis: Conducting a detailed audit of accessed data and API calls during the incident.
  • Credential Review: Reviewing and rotating all API keys and authentication tokens.
  • Third-Party App Assessment: Performing security evaluations of all integrations to strengthen resilience.

Commitment to Security

At Whatfix, safeguarding customer trust and data is our highest priority. We are actively working with partners to ensure the integrity of our systems and will provide timely updates as the investigation progresses.

You will be notified immediately if we uncover any findings that directly affect your account or data. If no such findings are identified, no further action will be required on your part.

Other relevant information about the Salesloft incident can be accessed here:

Whatfix Unveils ScreenSense: An AI Technology to Shape the Next Frontier of Digital Adoption
Read now →
2024 Gartner® Voice of the Customer Report Named Whatfix a Customers’ Choice for Digital Adoption Platforms
Read now →

Resources

BLOG
Quantifying the ROI of a DAP Investment
See how DAPs like Whatfix enable organizations to drive business outcomes by maximizing technology usage across the application lifecycle.
Read the article →
WHITEPAPER
How to Build a Digital Adoption Business Case
Learn how to create an enterprise business case for pitching a digital adoption platform investment to key stakeholders.
Get the whitepaper →
ANALYST REPORTS
Whatfix Named a Leader in the Forrestor Wave
See why Whatfix was named a Leader in the Forrester Wave: Digital Adoption Platforms, Q4 2024 Report
Get the report →
CUSTOMER STORIES
Explore success stories from Whatfix customers
Learn how organizations like Experian, Manpower, REG, and Sentry partner with Whatfix to drive user adoption and achieve operational excellence.
Read case studies →
Software Clicks Better With Whatfix
AI-powered in-app guidance, hands-on training, and adoption insights to contextually enable every user, on any application, task, or workflow.
Explore Whatfix
Request a Whatfix Demo
g2-reviews