Cato Networks Statement on Salesforce-Salesloft Drift Incident 

We want to share an important update in light of the recent security incident involving Salesloft Drift, a third-party application connected to Salesforce.  

The issue centers on the misuse of OAuth tokens associated with the Drift app. Salesforce and other vendors identified unauthorized access between August 8 and 18, 2025. The incident has impacted hundreds of Salesforce customers. The Cato SASE Cloud Platform,  services and infrastructure, were not affected in any way. 

Once identified, Cato immediately implemented a range of measures upon notification and initiated a thorough investigation:

• Disconnected Drift Integration: The Salesforce-Drift connection was frozen. 
• Disabled API Access: Relevant APIs and third-party integrations were turned off. 
• Incident Review: Our internal teams, with support from external specialists, conducted a thorough investigation. 
• Activated Dark Web Monitoring: Cato CTRL, Cato’s threat intelligence team, is actively monitoring dark web forums, private chat channels, marketplaces, and other resources for signs of leaked data. 

Our investigation determined that the incident was limited to data accessed through the compromised Salesforce integration. The Cato SASE Cloud Platform and internal production systems were not impacted. The exposed Salesforce data included: customer business contact information, company attributes, and basic customer case information. 
Investigation has currently found no evidence to suggest misuse of any said information. 

Customer Guidance: Be Alert

Even though there is no evidence of misuse, it’s important to stay alert. The Salesloft Drift industry-wide breach may enable very targeted attacks. We encourage you to take the following precautions:

• Review inbound communications carefully. Be cautious of unexpected outreach – especially messages that urge quick decisions or request sensitive information.
• Validate senders independently. If a message claims to be from a trusted source but seems off in tone or timing, use a separate channel to confirm its legitimacy.
• Protect login credentials. Avoid sharing passwords, two-factor authentication codes, or sensitive business data in response to unsolicited contact.

Cato will never ask for personal or account information via unverified channels. If you come across any questionable outreach that appears connected to this incident or if you have any questions, please contact Cato Support.

We appreciate your continued vigilance and will provide updates if further relevant developments arise. We’re here for you.