Dynatrace has confirmed it was impacted by a third-party data breach originating from the Salesloft Drift application, resulting in unauthorized access to customer business contact information stored in its Salesforce CRM.
The company confirmed that the incident was limited to its CRM platform and did not impact any core Dynatrace products, services, or sensitive customer environments.
The security incident originated in August 2025, when threat actors compromised Salesloft’s Drift application, a popular third-party tool used for customer engagement.
This compromise allowed the attackers to gain unauthorized access to the Salesforce environments of companies utilizing the app.
In response to the attack, Salesloft and Salesforce moved to disable the compromised connections and began notifying affected clients, which included the observability giant Dynatrace.
Dynatrace’s Response And Investigation
Upon receiving notification of the third-party breach, Dynatrace’s security team took immediate action by disabling the Drift application within its environment to sever the connection and prevent further unauthorized access.
The company launched a comprehensive investigation, bringing in third-party cybersecurity experts to determine the full scope of the incident.
The investigation confirmed that the malicious activity was limited exclusively to its Salesforce CRM instance, which the company uses for managing customer relationships and marketing activities.
Critically, Dynatrace clarified that none of its own products or services were compromised. This includes any systems that house customer data or services that directly interface with customer systems.
Furthermore, the company reported that it does not utilize the “case function” within Salesforce, meaning no customer support case information was accessible to the attackers.
Dynatrace assured stakeholders that the incident caused no disruption to its business operations. The data exposed in the breach is limited to business contact information. This includes the first and last names of customer contacts and their associated company identifiers.
No sensitive credentials, financial details, or other confidential information were accessed. After a period of investigation and remediation, Salesloft notified Dynatrace on September 7th that the secure connections had been re-enabled.
In light of the exposure of business contact information, Dynatrace has issued guidance to its customers, urging them to exercise increased caution against potential social engineering and phishing campaigns.
The company emphasized that its employees will never contact customers via phone or email to request passwords, multi-factor authentication (MFA) codes, or other sensitive credentials.
Customers are advised to be vigilant and verify that all communications and links originate from trusted Dynatrace domains.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Source link
