Salesforce facing multiple lawsuits after Salesloft breach

Salesforce is facing a wave of lawsuits in the wake of a cyberattack that exposed customer data. The claims were all filed in Northern California, where Salesforce is headquartered, over the past five weeks and suggest that the SaaS CRM vendor fell short on security. The complaints, many of which aim for class action status, …

  1. hoola Silver badge

    Ahh, The cry of "Not Our Fault"

    Salesforce is the parent company and provides the product.

    This looks like them trying to offload culpability so they don't have to pay anything. One could say "Typical large tech company behaviour".

    Hopefully they will end up on the wrong end of these complaints and do have to pay up.

    Sadly the only real winners will be lawyers; the cases will take years after all the appeals, by which time the actual event is long forgotten.

    1. ecofeco Silver badge

      Re: Ahh, The cry of "Not Our Fault"

      Exactly. Salesforce customers did not make deals with Salesforce vendors. They made their deal with Salesforce.

      1. joed

        Re: Ahh, The cry of "Not Our Fault"

        Not to say that affected people may have no personal relationship with SF (that keeps the data swamp) or SL (or other vendors that facilitate use of SF's held data). Most have been volunteered by some sales drones.

        Since SF (and other cloud vendors) have decided to be gatekeepers of the data, provide convoluted ways of securing the data (if possible at all) and in the end served data to attackers, they are to some extent responsible for any breach that followed.

    2. Anonymous Coward

      Re: Ahh, The cry of "Not Our Fault"

      I realize the naming overlap here can be confusing, but Salesforce is not the parent company of Salesloft.

      Salesloft is an independent company, and while their Drift platform is built as a Salesforce connector / integrated solution, Salesforce has no ownership stake or control of any kind.

      Speaking generally, I would say Salesforce (like most SaaS / PaaS / IaaS platforms) should not have any liability here - they provide their customers with a set of capabilities and security controls, and they are clear upfront it is the customer's responsibility to use those controls to lock things down appropriately. Simplistically, they are renting you the house, but it's your job to make sure you're locking the doors.

      That said, there is a reason so many companies outside of this Salesloft issue are experiencing Salesforce compromises right now - and (imo) it's because Salesforce has done a poor job of setting secure defaults and making it easy and obvious to do the right thing. To potentially torture the metaphor, it turns out the house they are renting you has very tricky locks that are difficult to operate correctly at enterprise scale, and the house includes some trapdoors and side entrances that may be discussed in passing in some fine print buried in the rental agreement, but are not made obvious or clearly understandable to the renter.

      Essentially, the allegation in these cases is that Salesforce has made it challenging even for well-intentioned customers to lock things down (at scale) unless they are experts in Salesforce security. So the question becomes at what point does that become unreasonable / negligent on their part and create liability.

      It will be interesting to see how this all plays out.

  2. Taliesinawen

    Attack of the third-party AI chatbot

    The recent Salesforce Salesloft hack in August 2025 occurred when a threat actor group tracked as UNC6395 exploited stolen OAuth access and refresh tokens issued to the Salesloft–Drift integration, a third-party AI chatbot connecting Drift to Salesforce. These OAuth tokens allowed the attackers to bypass normal authentication controls, including multi-factor authentication, and access Salesforce customer data across hundreds of organizations.
