Cloudflare Data Breach: Key Facts and Next Steps
1. ☁️ Cloudflare has reported a data breach where unauthorized access to customer data occurred via its Salesforce platform, affecting hundreds of organizations globally.
2. 🕵️ The breach was orchestrated by a threat actor known as GRUB1, who took advantage of a vulnerability in the Salesloft Drift chatbot integration between August 12 and August 17, 2025.
3. 📋 The compromised data includes contact details, case subject lines, and communication from Salesforce customer support tickets. However, it’s important to note that no sensitive attachments or fundamental infrastructure were impacted.
4. 🔑 It’s been determined that customers’ credentials, API keys, logs, or passwords shared in support cases are now at risk; in response, Cloudflare has proactively rotated 104 of its own API tokens as a safety measure.
5. 📬 By September 2, 2025, Cloudflare had directly alerted all impacted customers about the breach and the potential risk to their data.
