PagerDuty, a leading digital operations management platform, has confirmed a security incident that resulted in the unauthorized access of customer data stored within its Salesforce environment. The breach, which occurred as part of a wider supply-chain attack, was not a direct compromise of PagerDuty’s core systems but rather an exploitation of a vulnerability in a third-party application.
The incident was traced back to the Salesloft Drift application, which PagerDuty used for customer engagement. On August 20, PagerDuty was initially alerted to a security issue with the Drift application. A few days later, it was confirmed that an attacker had exploited a flaw in Drift’s OAuth integration flow with Salesforce, allowing them to gain unauthorized access to the Salesforce instances of hundreds of companies, including PagerDuty, Zscaler, Cloudflare, and Palo Alto Networks.
According to PagerDuty’s public advisory, the exposed information includes customer contact details such as names, email addresses, and phone numbers. The company has emphasized that no PagerDuty platform credentials, such as user passwords or API keys, were compromised in the incident. It also stated that there is no indication the attacker accessed any internal systems or resources beyond the Salesforce instance.
In response to the breach, PagerDuty immediately disabled the Salesloft Drift integration with its Salesforce data and launched an investigation. The company has been working closely with Salesloft, Salesforce, and Google’s Threat Intelligence Group (GTIG) to understand the full scope of the attack.
This incident serves as a critical reminder of the risks associated with third-party integrations. For customers, the exposed contact information raises the risk of targeted phishing and social engineering attacks. PagerDuty is urging all customers to be vigilant and has stressed that it will never contact anyone by phone to request sensitive details. All official communication will come through its trusted support channels. The company is committed to providing updates as its investigation progresses and to strengthening its security measures to prevent similar issues in the future.
