Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account.

Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through June 2025. So far, 22 companies have confirmed they were impacted by a supply chain breach.

"With this access, the threat actor was able to download content from multiple repositories, add a guest user, and establish workflows," Salesloft said in an updated advisory.

The investigation also uncovered reconnaissance activities occurring between March 2025 and June 2025 in the Salesloft and Drift application environments. However, it emphasized there is no evidence of any activity beyond limit

See Full Page