Cloudflare recently confirmed it was impacted by the Salesloft Drift breach, which allowed a threat actor (GRUB1) to access and exfiltrate Salesforce support case data between August 12–17, 2025. The exposed data included customer contact details and support ticket text, which in some cases contained sensitive information such as logs, tokens, or credentials. Cloudflare rotated 104 API tokens found in the compromised data, notified all affected customers, and emphasized that no core services or infrastructure were breached.