At Zscaler, protecting your data and maintaining transparency are core to our mission to secure, simplify and accelerate businesses transformation. We are committed to keeping you informed about key developments that may impact your organization.What Happened?Zscaler was made aware of a campaign targeted at Salesloft Drift (marketing software-as-a-service) and impacting a large number of Salesloft customers. This incident involved the theft of OAuth tokens connected to Salesloft Drift, a third-party application used for automating sales workflows that integrates with Salesforce to manage leads and contact information. The scope of the incident is confined to Salesloft’s Drift app and does not involve access to any of Zscaler's products, services or underlying systems and infrastructure.As part of this campaign, unauthorized actors gained access to Salesloft Drift credentials of its customers including Zscaler. Following a detailed review as part of our ongoing investigation, we have determined that these credentials have allowed limited access to some Zscaler Salesforce information. What Information May Be Affected?The information accessed was limited to commonly available business contact details for points of contact and specific CRM related content, including:NamesBusiness email addressesJob titlesPhone numbersRegional/location detailsZscaler product licensing and commercial informationPlain text support case header content from certain cases limited to the following fields: Case Number, Opened, Preferred Contact Number, Description, Priority, Case Owner, Preferred Time Zone, Case Status, Type, Customer Case Reference, Product, Last Activity, Subject, Resolution Notes, Reason for Hand Off, Current Status / Next Plan of Action, Data Collected, Issue Summary / Business Impact, and Requestor. No attachments, files, or images were included in the incident, as it solely involved structured text data from case headers.After extensive investigation, Zscaler has currently found no evidence to suggest misuse of this information. If anything changes, we will provide further communications and updates. What Did Zscaler Do? Zscaler acted swiftly to address the incident and mitigate risks. Steps taken include:Revoking Salesloft Drift’s access to Zscaler’s Salesforce dataOut of an abundance of caution, rotating other API access tokens.Launching a detailed investigation into the scope of the event, working closely with Salesloft to assess and understand impacts as they continue investigating.Implementing additional safeguards and strengthening protocols to defend against similar incidents in the future.Immediately launched a third party risk management investigation for third party vendors used by Zscaler.Zscaler Customer Support team has further strengthened customer authentication protocol when responding to customer calls to safeguard against potential phishing attacks. What You Can DoAlthough the incident’s scope remains limited (as stated above) and no evidence of misuse has been found, we recommend that customers maintain heightened vigilance. Please be wary of potential phishing attacks or social engineering attempts, which could leverage exposed contact details.Given that other organizations have suffered similar incidents stemming from Salesloft Drift, it’s crucial to exercise caution regarding unsolicited communications, including emails, phone calls, or requests for sensitive information. Always verify the source of communication and never disclose passwords or financial data via unofficial channels.Zscaler Support will never request authentication or authorization details through unsolicited outreach, including phone calls or SMS. All official Zscaler communications come from trusted Zscaler channels. Please exercise caution and report any suspicious phishing activity to security@zscaler.com. Need Assistance or Have Questions?If you have concerns or need additional support, Zscaler’s Customer Success and Support teams are available via help.zscaler.com or your existing Zscaler support channels. You can also reach out to our Security team at driftincident@zscaler.com.Your security is our top priority. Thank you for your continued partnership with Zscaler.Update: Blog updated on September 3rd, 2025 to include support case information impacted by the incident. Blog updated on September 7th, 2025 to include additional support case information impacted by the incident.
