
Last week, Cloudflare was notified that it and its customers are affected by the Salesloft Drift breach.
Because of this breach, someone outside Cloudflare gained access to Cloudflare's Salesforce instance, which Cloudflare uses for customer support and internal customer case management, and to some of the data it contains. Most of this information is customer contact information and basic support case data, but some customer support interactions may reveal information about a customer's configuration and could contain sensitive information like access tokens. Given that Salesforce support case data contains the contents of support tickets with Cloudflare, any information that a customer may have shared with Cloudflare in our support system (including logs, tokens or passwords) should be considered compromised, and we strongly urge you to rotate any credentials that you may have shared with us through this channel.
As part of Cloudflare's response to this incident, Cloudflare ran its own search through the compromised data to look for tokens or passwords and found 104 Cloudflare API tokens. Cloudflare has identified no suspicious activity associated with those tokens, but all of them have been rotated out of an abundance of caution. All customers whose data was compromised in this breach have been informed directly by Cloudflare.
No Cloudflare services or infrastructure were compromised as a result of this breach.
Cloudflare is responsible for the choice of tools it uses in support of its business. This breach has let Cloudflare's customers down. For that, we sincerely apologize. The rest of this blog gives a detailed timeline and detailed information on how we investigated this breach.
https://blog.cloudflare.com/response-to-salesloft-drift-incident/
