On August 22, 2025, HackerOne—one of the world’s most trusted bug bounty and vulnerability disclosure platforms—was alerted to suspicious activity within its Salesforce environment. The root cause was quickly traced back to a compromise of Drift, a third-party application owned by Salesloft, which had been integrated with Salesforce.
By August 23, Salesloft confirmed the incident, and HackerOne’s security team immediately launched its incident response protocols, prioritising containment, investigation, and transparency.
What Was Impacted
- A subset of Salesforce records was accessed without authorisation.
- No customer vulnerability data (such as reports submitted via the HackerOne platform) was exposed.
- Forensic analysis is ongoing, and customers with affected records will be contacted directly.
What Was Not Impacted
- HackerOne’s core platform and bug bounty data remain secure.
- Sensitive vulnerability information reported by ethical hackers was not affected.
Why This Matters
This breach is part of a wider supply-chain attack targeting SaaS integrations. It highlights three realities:
- Third-party apps are a growing attack vector – even when your own security is airtight, vendors and integrations can become the weakest link.
- Transparency builds trust – HackerOne’s “Default to Disclosure” principle is a model for how companies should handle breaches: clear, prompt, and proactive communication.
- Resilience requires vigilance – security programs must go beyond internal systems, extending into continuous monitoring of every connected service.
Key Takeaways for Organisations From Wiseman Cybersec
- Conduct regular vendor risk assessments for all SaaS integrations.
- Grant each SaaS integration only the data scopes it actually needs (least privilege), and revoke grants that are over-broad or no longer used.
- Establish clear incident response playbooks that include third-party scenarios.
- Prioritise open communication to preserve trust when incidents occur.
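The least-privilege and continuous-monitoring points above are easier to act on with a concrete check. The following is an added example, not code from the original post and not from HackerOne, Salesloft or Salesforce: it audits an inventory of third-party integrations against the scopes a vendor risk assessment approved, flags integrations that have gone unused, and flags an integration whose daily record reads jump far above its own baseline. The integration names, scopes, timestamps and access counts are all constructed for illustration and do not describe the real incident.

```python
"""Audit SaaS integrations for least privilege and anomalous data access.

Added example with constructed data. Integration names, scopes and
access counts are invented; they are not taken from any disclosure.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Integration:
    name: str
    granted_scopes: set        # scopes the connected app currently holds
    approved_scopes: set       # scopes the vendor risk assessment signed off
    last_used: datetime


# Reference time for the audit (constructed).
NOW = datetime(2025, 8, 22, 12, 0)

# Constructed inventory of hypothetical integrations.
INVENTORY = [
    Integration("chat-widget",
                {"read:leads", "read:contacts", "read:opportunities", "read:cases"},
                {"read:leads", "read:contacts"},
                NOW - timedelta(hours=2)),
    Integration("billing-sync",
                {"read:accounts", "write:invoices"},
                {"read:accounts", "write:invoices"},
                NOW - timedelta(days=1)),
    Integration("legacy-report",
                {"read:cases"},
                {"read:cases"},
                NOW - timedelta(days=120)),
]


def find_overprivileged(inventory):
    """Map integration name -> sorted scopes it holds beyond what was approved."""
    return {i.name: sorted(i.granted_scopes - i.approved_scopes)
            for i in inventory if i.granted_scopes - i.approved_scopes}


def find_stale(inventory, now=NOW, max_idle_days=90):
    """Integrations that have not been used for more than max_idle_days."""
    return [i.name for i in inventory if (now - i.last_used).days > max_idle_days]


def _days(name, counts, end=NOW):
    """Build (date, integration, records_read) rows ending on `end`."""
    last = len(counts) - 1
    return [(end.date() - timedelta(days=last - k), name, c)
            for k, c in enumerate(counts)]


# Constructed daily access log: the chat widget suddenly reads 40x its usual volume.
ACCESS_LOG = (_days("chat-widget", [180, 220, 190, 210, 200, 200, 8000])
              + _days("billing-sync", [50, 50, 50, 50, 50, 50, 60]))


def detect_volume_spikes(log, factor=5.0, min_history=5):
    """Map integration -> (latest_reads, baseline_mean) where the most recent
    day's record reads exceed `factor` times the mean of earlier days.
    Integrations with fewer than min_history earlier days are skipped."""
    per_integration = {}
    for day, name, count in log:
        per_integration.setdefault(name, []).append((day, count))
    spikes = {}
    for name, entries in per_integration.items():
        entries.sort()
        history = [count for _, count in entries[:-1]]
        if len(history) < min_history:
            continue
        baseline = sum(history) / len(history)
        latest = entries[-1][1]
        if latest > factor * baseline:
            spikes[name] = (latest, baseline)
    return spikes


def run_audit(inventory=INVENTORY, log=ACCESS_LOG):
    """Combine the three checks into one report dictionary."""
    return {
        "overprivileged": find_overprivileged(inventory),
        "stale": find_stale(inventory),
        "volume_spikes": detect_volume_spikes(log),
    }


if __name__ == "__main__":
    for check, result in run_audit().items():
        print(f"{check}: {result}")
```

Run as a script it reports the chat widget holding two scopes it was never approved for, the legacy report integration idle for four months, and the chat widget's read volume spiking to forty times its baseline on the audit day. In practice the inventory would be pulled from the SaaS platform's connected-app or OAuth grant listing and the access counts from its API or login history, but the checks themselves stay the same.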