In August 2025, Dynatrace experienced a third-party breach via Salesloft’s **Drift** application, which exploited integrations with **Salesforce CRM**, granting unauthorized access to partial customer data. The exposed information was limited to **basic business contact details** (e.g., names of customer representatives and company identifiers) stored in Salesforce systems used for business operations. No sensitive customer usage data, Dynatrace products, services, or operational systems (including monitoring/observability) were compromised. The company disabled the Drift integration, launched an investigation with external cybersecurity experts, and confirmed no evidence of broader exposure. While no direct financial or reputational harm was reported, Dynatrace warned customers of potential **phishing or social engineering risks** leveraging the leaked contact details. Salesloft and Salesforce restored secure connections by September 7, 2025, and Dynatrace continues monitoring for suspicious activity.
Source: https://gbhackers.com/dynatrace-data-breach/
TPRM report: https://www.rankiteo.com/company/dynatrace
"id": "dyn3932439090925",
"linkid": "dynatrace",
"type": "Breach",
"date": "8/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Software (Observability/Monitoring)',
'name': 'Dynatrace',
'type': 'Technology Company'},
{'customers_affected': 'Multiple companies (scope '
'varied by organization)',
'industry': 'Sales Engagement Software',
'name': 'Salesloft (Drift application)',
'type': 'Third-Party Vendor'},
{'customers_affected': 'Multiple companies using '
'Drift-Salesforce integration',
'industry': 'Cloud Computing',
'name': 'Salesforce',
'type': 'CRM Platform'}],
'attack_vector': ['exploited third-party integration (Drift)',
'compromised Salesforce CRM connections'],
'customer_advisories': 'Dynatrace will never request login credentials, '
'authentication codes, or sensitive details via '
'unsolicited communications.',
'data_breach': {'personally_identifiable_information': ['Names of customer '
'representatives',
'Company identifiers'],
'sensitivity_of_data': 'Low (no sensitive customer usage '
'data, support cases, or '
'authentication details)',
'type_of_data_compromised': ['business contact details '
'(names, company identifiers)']},
'date_detected': '2025-08',
'date_resolved': '2025-09-07',
'description': 'Dynatrace confirmed that customer data stored in Salesforce '
'was exposed following a third-party breach involving '
'Salesloft’s Drift application. The incident occurred in '
'August 2025, allowing unauthorized access to Salesforce CRM '
'data across multiple companies. Attackers exploited '
'connections between Drift and Salesforce, gaining partial '
'access to CRM data. The exposed data was limited to basic '
'business contact details (e.g., names of customer '
'representatives, company identifiers). Dynatrace disabled the '
'Drift integration, launched an investigation with external '
'experts, and confirmed no impact on its products, services, '
'or operational systems. Customers were advised to remain '
'vigilant against phishing attempts leveraging the exposed '
'contact details.',
'impact': {'brand_reputation_impact': 'Potential risk due to exposure of '
'customer contact data',
'data_compromised': ['basic business contact details (names, '
'company identifiers)'],
'identity_theft_risk': 'Low (only basic contact details exposed)',
'operational_impact': 'None (Dynatrace operations remained '
'uninterrupted)',
'systems_affected': ['Salesforce CRM (limited to Drift '
'integration)']},
'initial_access_broker': {'entry_point': 'Drift application (Salesloft)'},
'investigation_status': 'Completed (as of 2025-09-07)',
'post_incident_analysis': {'corrective_actions': ['Disabled compromised '
'integration',
'Restored secure '
'connections',
'Enhanced monitoring'],
'root_causes': ['Vulnerability in Drift-Salesforce '
'integration security']},
'recommendations': ['Remain alert to phishing/social engineering attempts '
'using exposed contact details.',
'Verify communications/links originate from official '
'Dynatrace domains.',
'Navigate directly to Dynatrace’s official website if in '
'doubt.',
'Use regular support channels for verification.'],
'references': [{'source': 'Dynatrace Public Advisory'}],
'response': {'communication_strategy': ['Public advisory',
'Customer notifications with '
'preventive precautions'],
'containment_measures': ['Disabled Drift integration in '
'Salesforce',
'Launched internal investigation'],
'enhanced_monitoring': ['Ongoing monitoring for suspicious '
'activity'],
'incident_response_plan_activated': True,
'remediation_measures': ['Restored secure connections (by '
'Salesloft/Salesforce)'],
'third_party_assistance': ['External cybersecurity experts']},
'stakeholder_advisories': 'Customers advised to take preventive precautions '
'against phishing.',
'title': 'Dynatrace Customer Data Exposure via Salesloft’s Drift Application '
'Breach',
'type': ['data breach', 'third-party compromise', 'unauthorized access'],
'vulnerability_exploited': 'Weakness in Drift-Salesforce integration security'}