Outage in Pantheon

Salesloft Drift Security Incident: Pantheon Response

Minor
September 05, 2025 - Started 1 day ago

Latest Updates (sorted recent to last)
MONITORING 1 day ago - at 09/05/2025 08:52PM

We are continuing to monitor for any further issues.

MONITORING 1 day ago - at 09/05/2025 08:50PM

Pantheon has been made aware of a widespread security incident impacting companies that use Drift, a third-party vendor used for communicating with visitors on our website via chat. We, and our customers, are affected by this breach.

The Pantheon platform and customer-hosted websites were not impacted.

Our investigation has confirmed that a threat actor exploited a vulnerability in the Salesloft Drift application’s OAuth integration with Salesforce to gain unauthorized access to CRM data. Pantheon was notified on August 28, 2025 of this compromise that occurred between August 12–15, 2025.

The breach resulted in the exfiltration of business information about customer renewals and internal sales account data from our CRM system. While this exposure was limited to Salesforce data connected through Drift, some contact details related to accounts were compromised. Our platform and your hosted websites were not infiltrated and have not been affected.

Upon learning of the incident, Pantheon took immediate steps to contain the threat and safeguard customer data, including:

- Locking down permissions across Salesforce Apps to prevent unauthorized access.
- Removing vulnerable applications associated with Salesforce.

We continue to work closely with Salesforce and Salesloft Drift to conduct a forensic analysis and confirm the full scope of the event. Protecting our customers’ data and maintaining their trust is our highest priority.

As we continue our investigation, we are also conducting thorough reviews of our defenses and security assessments for all third-party integrations. Updates will be shared here as more information becomes available.

If you have questions or concerns, please reach out to your Customer Success Manager.
