Statement on MD-2025-0820 Salesloft Drift Vulnerability

August 20, 2025

Information

In August 2025, attackers exploited stolen OAuth tokens from the Salesloft Drift application to gain unauthorized access to integrated Salesforce environments.

For additional details, please refer to the following:

• Salesloft - Mandiant Drift Update

• Salesforce | Security Advisory: Unusual Activity in a Third Party Connected App

• Upguard | Salesloft Drift Breach

Risk

Not Applicable

Response

Melissa Data Corporation (“Melissa”) was not impacted directly nor indirectly by the Salesloft - Drift vulnerability as we do not utilize the “Drift” application for any Melissa commercial web services or products.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.