InfoSecBulletin Cybersecurity for mankind
Elastic reported a security incident caused by a breach at Salesloft Drift, leading to unauthorized access to an internal email account with valid credentials. The company’s main Salesforce system was unaffected, but the incident revealed sensitive information in a few emails.
Salesloft Drift reported a security incident affecting its platform on August 26, 2025. A subsequent in-depth report from Google’s Threat Intelligence Group detailed the threat actor’s activities related to the breach.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Elastic activated its incident response protocols to proactively investigate any possible impact on customers using Drift for business applications. Elastic’s security team started an investigation to see if any company or customer data was exposed, even though they weren’t directly notified of being affected.
Scope Of The Impact:
Elastic’s investigation confirmed that its Salesforce environment was not compromised. However, the team discovered that a single email account had been exposed through the “Drift Email” integration. Unauthorized access might have allowed someone to only read emails in that inbox. Security personnel found a few emails in the inbox containing potentially valid credentials.
Elastic informed potentially affected customers via their support channels. The company said that customers who didn’t get a direct notification were not affected by the credential leak. After the Drift incident, Elastic’s Information Security team quickly acted to control the threat and evaluate the damage.
The team conducted a thorough investigation, analyzing access logs, network activity, and system settings to gauge the data exposure. The first crucial action was to disable all Drift integrations in Elastic’s environment to prevent further risk from the compromised third-party platform.
The team checked open-source intelligence for Indicators of Compromise (IOCs) and worked with Drift’s security team for more information. Elastic is committed to transparency and protecting customer data, and is actively monitoring for updates on the situation.
