Salesloft Drift Application Incident Response

Barracuda is actively monitoring the widespread data theft campaign associated with Salesloft’s Drift application. Upon notification of this threat, Barracuda immediately disabled the Drift application and its integration with Salesforce. We also launched a comprehensive security investigation to assess potential impact.

Salesforce has since taken additional containment measures, including disabling all instances of the Drift application across its platform and removing it from the Salesforce AppExchange.

As part of our ongoing investigation, we have determined that a limited data set within Barracuda's Salesforce instance was accessed by an unauthorized party via the Drift application prior to its deactivation. This access has been fully contained.

There is no evidence that Barracuda’s solutions or customer environments were affected by this incident, and we have not found any unauthorized access to sensitive data. However, we recommend heightened vigilance against phishing attempts and social engineering attacks. As a best practice, we advise all individuals to carefully verify the authenticity of communications, refrain from clicking on suspicious links or attachments and promptly report any unusual or unexpected activity.

Out of an abundance of caution, Barracuda has proactively implemented enhanced customer authentication protocols for support interactions. These measures are designed to further safeguard against potential phishing and impersonation attempts.

We remain committed to transparency and security and will provide notifications in accordance with our commitments and pursuant to applicable laws and regulations.

Protecting your data is our top priority. If you have questions or need additional support, Barracuda’s support team is available at support@barracuda.com.