Supply Chain Attacks Hit Cloudflare, Proofpoint, and Other Major Firms

September 10, 2025


Recent disclosures from Cloudflare Inc. and Proofpoint Inc. add to a growing list of organizations reporting exposure from the August supply chain attacks tied to Salesloft.

Both companies confirmed that the attackers leveraged compromised credentials connected to the Drift AI chatbot to infiltrate Salesforce environments, according to David Jones in Security Dive.

These incidents illustrate the expanding ripple effects of third-party vulnerabilities in enterprise ecosystems. The wave of attacks has impacted several high-profile companies, including Palo Alto Networks and Zscaler.

According to Cloudflare, the breach began with reconnaissance activities on August 9, followed by data theft between August 13 and 17.

Attackers accessed Salesforce case objects, which contained contact details, subject lines, and correspondence related to the cases. Although the exposure was limited, Cloudflare identified 104 API tokens within the compromised data.

While no malicious use was detected, all tokens were rotated, and customers were notified of potential risks. Broader mitigation steps were taken, including disabling Drift integrations and disconnecting third-party Salesforce connections.

Proofpoint confirmed a separate intrusion into its Salesforce tenant, where attackers viewed stored information.

The company stated it would notify customers if any sensitive data misuse is detected. Like Cloudflare, Proofpoint disabled the Drift application and confirmed that no software, services, or protected customer data were compromised.

Meanwhile, Okta reported that, by enforcing inbound IP restrictions, it successfully blocked intrusion attempts that relied on stolen tokens.

The disclosures demonstrate how quickly contractual obligations, liability, and regulatory exposure can emerge from third-party supply chain vulnerabilities.

Legal teams should advise their clients on the importance of proactive vendor risk management, the need for clear contractual provisions regarding data handling, and the necessity of continuous monitoring of integrated services to help mitigate supply chain attacks.
