HackerOne, a vulnerability coordination platform, experienced a breach in its Salesforce environment due to an attack on the Drift application (provided by Salesloft). Unauthorized actors exploited a vulnerability in Drift’s Salesforce integration, gaining access to a subset of general Salesforce records, including contact information and standard account details. However, no customer vulnerability data, exploit details, or private security reports were exposed, as HackerOne’s strict data segmentation and access controls contained the incident.

The breach was isolated to a limited set of records, and HackerOne promptly disabled the compromised integration while collaborating with Salesforce and Salesloft to mitigate risks. External forensic experts were engaged to verify the breach’s scope, and affected individuals were notified. While the incident did not compromise sensitive security data, it exposed non-critical business records, prompting precautionary measures like log reviews and integration updates to prevent future exploits.
Source: https://gbhackers.com/hackerone-data-breach/
TPRM report: https://www.rankiteo.com/company/hackerone
"id": "hac5462354091125",
"linkid": "hackerone",
"type": "Breach",
"date": "9/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 'Subset of customers with '
'records in Salesforce (exact '
'number unspecified)',
'industry': 'Cybersecurity (Vulnerability Coordination '
'Platform)',
'name': 'HackerOne',
'type': 'Private Company'},
{'customers_affected': 'Multiple companies using '
'Drift-Salesforce integration',
'industry': 'Sales Engagement Software',
'name': 'Salesloft (Drift application provider)',
'type': 'Third-Party Vendor'},
{'customers_affected': 'Customers notified of '
'suspicious activity (including '
'HackerOne)',
'industry': 'Customer Relationship Management (CRM)',
'name': 'Salesforce',
'type': 'Cloud Service Provider'}],
'attack_vector': 'Exploitation of vulnerability in Drift application’s '
'integration with Salesforce',
'customer_advisories': ['Monitor for unusual activity',
'Review account notifications from '
'HackerOne/Salesforce',
'Contact HackerOne’s security support for questions'],
'data_breach': {'data_exfiltration': 'Unconfirmed (under investigation)',
'personally_identifiable_information': 'No',
'sensitivity_of_data': 'Low (no sensitive vulnerability data, '
'exploit details, or PII exposed)',
'type_of_data_compromised': ['contact information',
'standard account details']},
'date_detected': '2024-08-22',
'date_publicly_disclosed': '2024-08-23',
'description': 'HackerOne, a leading vulnerability coordination platform, '
'confirmed that its Salesforce environment was compromised due '
'to an attack on the Drift application provided by Salesloft. '
'The breach allowed unauthorized actors to access certain '
'customer records stored in Salesforce, though no customer '
'vulnerability data was exposed. HackerOne is conducting a '
'thorough investigation and has engaged external forensic '
'experts to assess the full extent of the breach.',
'impact': {'brand_reputation_impact': 'Potential reputational risk due to '
'breach transparency; proactive '
'communication to mitigate impact',
'data_compromised': ['general Salesforce records',
'contact information',
'standard account details'],
'identity_theft_risk': 'Low (no sensitive vulnerability data '
'exposed)',
'operational_impact': 'Drift integration disabled; forensic '
'investigation ongoing',
'systems_affected': ['HackerOne’s Salesforce instance (subset of '
'data accessed via Drift integration)']},
'initial_access_broker': {'entry_point': 'Drift application’s integration '
'with Salesforce'},
'investigation_status': 'Ongoing (external forensic experts engaged; logs and '
'data flows under review)',
'post_incident_analysis': {'corrective_actions': ['Disabled vulnerable '
'integration',
'Secure update to Drift in '
'progress',
'Enhanced logging and '
'monitoring'],
'root_causes': ['Vulnerability in third-party '
'Drift-Salesforce integration']},
'references': [{'source': 'HackerOne Public Disclosure'}],
'response': {'communication_strategy': ['Dedicated support channel for '
'customers',
'Direct notifications to impacted '
'individuals',
'Public transparency (Default to '
'Disclosure policy)'],
'containment_measures': ['Disabled affected Drift integration',
'Data segmentation and access controls'],
'enhanced_monitoring': 'Review of all logs and authentication '
'events related to Drift integration',
'incident_response_plan_activated': 'Yes (immediately upon '
'notification)',
'network_segmentation': 'Yes (rigorous data segmentation helped '
'contain incident)',
'remediation_measures': ['Collaboration with Salesloft to deploy '
'secure update to Drift',
'Review of logs, authentication events, '
'and data flows'],
'third_party_assistance': ['Salesforce',
'Salesloft',
'external forensic experts']},
'stakeholder_advisories': ['Dedicated support channel for customer concerns',
'Direct notifications to impacted individuals'],
'threat_actor': 'Unauthorized party (details unspecified)',
'title': 'HackerOne Salesforce Environment Compromised via Drift Application '
'Vulnerability',
'type': ['third-party breach', 'unauthorized access'],
'vulnerability_exploited': 'Vulnerability in Drift application’s Salesforce '
'integration'}