Salesforce Refuses to Pay Ransom After Cyberattack Linked to Third-Party App Drift

Salesforce (NYSE: CRM) has confirmed that it will not bow to ransom demands from the hacker group ShinyHunters, following a cyberattack that exposed some client data through a third-party integration. The company clarified that its core systems remain uncompromised, emphasizing that the breach originated from Drift, a customer engagement app developed by Salesloft, which integrates with Salesforce to automate client communications.

In an email sent to customers, Salesforce stated that it “refuses to negotiate or pay the group’s extortion demand.” The company explained that the attackers exploited the connection between Drift and Salesforce but did not directly access Salesforce’s internal systems. The stolen information, according to the company, primarily consisted of basic contact details, IT configurations, and some access tokens, portions of which were later posted on a cybercrime forum.

The cyberattack occurred in August, prompting Salesforce’s security teams to act swiftly in collaboration with Salesloft. The company reported that all active tokens were immediately invalidated, the Drift app was removed from AppExchange, and impacted users were promptly informed. These rapid containment measures were aimed at preventing any further unauthorized access or data misuse.

Salesforce reiterated that the incident was isolated and “did not stem from a vulnerability in the core Salesforce platform.” The company underscored that its main systems continue to operate securely and that its internal infrastructure remains uncompromised.

The ShinyHunters group, known for targeting major technology and retail firms, claimed responsibility for the breach and allegedly offered the stolen data for sale online after Salesforce refused to pay. Industry analysts noted that Salesforce’s stance reflects a growing trend among large enterprises to resist ransom negotiations, choosing instead to strengthen cyber defenses and transparency with affected users.

This episode highlights the heightened risks associated with third-party integrations, a critical challenge for software-as-a-service (SaaS) ecosystems where multiple external applications interface with core enterprise platforms. Salesforce’s proactive steps—collaborating with partners, securing tokens, and communicating with customers—illustrate a determined effort to uphold data integrity and customer trust, even amid a complex and evolving cybersecurity threat landscape.
