What types of data were exposed in the Palo Alto Networks breach?

The exposed data includes customer business contact information including names and contact details, company attributes and organizational information, basic customer support case information and metadata, and internal sales account details and customer relationship data.

Were technical support files compromised in the Palo Alto Networks breach?

No, Palo Alto Networks claims that no technical support files or attachments to customer support cases were included in the data exfiltration. The breach was limited to basic contact information, case metadata, and sales relationship data rather than technical documentation or sensitive attachments.

How many people were affected by the Palo Alto Networks data breach?

The number of affected individuals has not been disclosed by Palo Alto Networks. The company has not provided specific numbers regarding how many customers, contacts, or business associates may have had their information exposed.

What immediate actions did Palo Alto Networks take after discovering the breach?

Palo Alto Networks revoked all associated OAuth tokens and rotated affected credentials following the incident discovery. The company's Unit 42 incident response team continues to conduct forensic analysis to understand the full scope and impact of the breach.

Is Palo Alto Networks contacting affected customers about the breach?

Yes, Palo Alto Networks is reaching out to a limited number of customers who may have had more commercially sensitive data exposed during the breach. The company appears to be taking a targeted approach to customer notification based on the sensitivity of the information that may have been accessed.

Was this breach part of a larger campaign affecting multiple companies?

Yes, the Palo Alto Networks breach was part of a broader supply chain attack that affected multiple organizations using Salesloft Drift integrations with their Salesforce environments. The compromise of the Drift platform's OAuth tokens enabled attackers to access numerous companies' CRM systems that relied on this third-party integration.

What should Palo Alto Networks customers do about this breach?

Customers should monitor official communications from Palo Alto Networks regarding the incident, be cautious of social engineering attempts that might use exposed contact information, watch for suspicious emails or calls claiming to be from Palo Alto Networks, and follow any specific guidance provided by the company's incident response team. Customers with concerns should contact Palo Alto Networks directly through official channels.

Incident

Palo Alto Networks reports data breach caused by Salesloft Drift supply chain attack

Q: What happened to Palo Alto Networks in the data breach?

Palo Alto Networks experienced a data breach affecting its Salesforce customer relationship management (CRM) environment after attackers used stolen OAuth credentials from the compromised Salesloft Drift platform to gain access to sensitive business information. The breach occurred between August 8 and August 18, 2025.

Q: How did attackers gain access to Palo Alto Networks' systems?

The breach was caused by a compromise of Salesloft's Drift artificial intelligence chat application, which maintained OAuth token-based integration with Palo Alto Networks' Salesforce environment. Attackers exploited stolen authentication credentials from the Drift platform compromise to gain unauthorized access to the CRM system.

published: Sept. 3, 2025

Learn More

Palo Alto Networks is reporting a data breach affecting its Salesforce customer relationship management (CRM) environment after attackers used stolen OAuth credentials from the compromised Salesloft Drift platform to gain access to sensitive business information.

The breach is caused by a compromise of Salesloft's Drift artificial intelligence chat application, which maintained OAuth token-based integration with Palo Alto Networks' Salesforce environment. Attackers exploited stolen authentication credentials to gain access to the company's CRM platform between August 8 and August 18, 2025.

Palo Alto Networks claims that the incident was isolated to the Salesforce environment and did not affect any of the company's security products, systems, or services. Exposed data includes:

Customer business contact information, including names and contact details
Company attributes and organizational information
Basic customer support case information and metadata
Internal sales account details and customer relationship data

The number of affected individuals is not disclosed.

Palo Alto Networks claims that no technical support files or attachments to customer support cases were included in the data exfiltration.

Palo Alto Networks revoked all associated OAuth tokens and rotated affected credentials following the incident discovery. Their Unit 42 incident response team continues to conduct forensic analysis. Palo Alto Networks is reaching out to a limited number of customers who may have had more commercially sensitive data exposed.

Palo Alto Networks reports data breach caused by Salesloft Drift supply chain attack

Read More
Shell reports they were impacted by the MOVEit …
Dollar Tree reports third-party data breach, exposing 2 …
Trezor crypto wallet vendor reports third party breach, …
EmEditor website compromised to distribute Infostealer malware
Cyberattack on UK software developer causes data breach …