The ripple effects of the Salesforce supply chain hack continue to grow, pulling more global enterprises into its orbit. This time, Dynatrace, a U.S.- and Austria-based software intelligence company, has confirmed its customer data was exposed after hackers exploited Salesloft’s Drift application.
Dynatrace Admits Customer Contact Data Was Compromised
Dynatrace, best known for its application performance management (APM) platform used by governments, airlines, and financial institutions, acknowledged that unauthorized parties accessed customer business contact details through its Salesforce CRM.
“A cyberattack on Salesloft’s Drift application resulted in unauthorized access to Salesforce CRM data from companies using the third-party app. Like many companies, Dynatrace was among those affected by the Salesloft incident. Customers’ first and last names and company identifiers are among the affected data,” the company confirmed.
Dynatrace stressed that no core systems or customer-facing services were impacted.
“No Dynatrace products or services, including any systems containing customer data or any services that directly interface with customer systems, were affected,” the company emphasized in its statement.
The firm has since disabled Drift across its environment and restricted its Salesforce usage to contain the breach.
High-Profile Clients Potentially Affected
Dynatrace’s annual revenue exceeds €1.51 billion, and its client roster spans household names and organizations in critical sectors. Notable customers include Air Canada, the Australian Government, TD Bank, Virgin Money, and BT Group. The exposure of even limited contact data across such a portfolio raises concerns about downstream risks.
The Snowball Effect of a Third-Party Breach
The breach was not unique to Dynatrace. Attackers reportedly exploited integrations between Drift and Salesforce, siphoning sensitive customer relationship data from multiple organizations. The incident has rapidly escalated into one of the most significant supply chain cyberattacks of the year.
High-profile victims already include Cloudflare, Zscaler, Palo Alto Networks, Google, Allianz Life, TransUnion, Farmers Insurance, Air France, and KLM. Salesloft responded by taking the Drift application offline as investigations continue.
Attribution to Scattered LapSus$ Hunters
An alliance of three cybercriminal groups—ShinyHunters, LAPSUS$, and Scattered Spider—has claimed responsibility for the Salesforce-linked breaches. Collectively branded as “Scattered LapSus$ Hunters,” these gangs have a reputation for high-impact supply chain intrusions and extortion campaigns, despite past arrests targeting their members.
Their latest campaign underscores the persistence of third-party risk in enterprise ecosystems, particularly when widely adopted SaaS platforms are compromised.