Notice of Salesforce Drift Incident

What happened?

We want to let you know about a widespread security incident targeting over 750 companies using Salesloft Drift, resulting in attackers compromising authentication methods between Salesloft and other third party applications including Salesforce. Salesloft Drift is used for automating sales processes, and it integrates with Salesforce databases, pulling relevant information such as leads and contact details into the platform to help coordinate sales efforts. 

We were notified through threat intelligence sources (Google Advisory) of this widespread event and began our investigation which confirmed these attackers gained access to Flock’s Salesloft Drift environment and had leveraged integrations between Salesloft to gain limited access to Flock’s Salesforce environment.

What information was involved?

Based on our investigation, the information that may have been compromised in our Salesforce instance related to commonly available business contact details for points of contact and specific CRM related content, including:

• Names
• Business email addresses and phone numbers
• Regional/location details (e.g. camera xyz at store location A)
• Plain text support request required to open a support case

‍

At this time, Flock has no evidence that any of our customers’ information has been accessed. However, we wanted to notify you about this incident so you can take additional measures you may consider necessary. We can confirm definitively that unauthorized access was limited to our Salesforce data and not to our production Flock Safety platforms.

What are we doing?

Flock promptly revoked compromised OAuth tokens, disconnected Salesloft integrations consistent with guidance from Salesloft and the Google Threat Intelligence Group, hired two firms specializing in incident response and e-discovery and confirmed that the scope of this event remains limited to the data noted above and no misuse has been identified.

What can you do?

Given that some of the potentially exposed information includes names, phone numbers and email addresses, Flock recommends extra vigilance with respect to potential phishing and social engineering attacks.

Similar security events highlight the need to verify all communications and avoid sharing credentials or financial data outside official Flock channels. Flock will never request authentication details through unsolicited outreach.