
SaaS Supply Chain Breach & Credential Abuse

Intel Alert

Impacted Domains: Operational
Impacted Industries: All Industries
Date: September 16, 2025


A SaaS supply-chain attack on Salesloft and Drift compromised more than 700 organizations — including major security and tech firms — through OAuth token and API abuse, exposing critical customer and support data (JDSupra, Kaseya, Sept 16, 2025).

So What:
Attackers bypassed enterprise MFA by exploiting OAuth tokens, enabling persistent access to business platforms, sensitive communications, and customer data. The breach underscores systemic SaaS trust risks, where API-level compromise can cascade across entire operational environments.

Risk Value:
$4M–$55M for mid-size firms, depending on platform reliance and data exposure.

Mitigation Cost:
$80K–$320K for mid-size organizations to strengthen SaaS security, monitoring, and response.

What to Do:
  • Implement automated credential rotation with tightly scoped access and short-lived tokens.

  • Conduct real-time third-party risk scoring and integration audits across all SaaS connections.

  • Deploy machine-learning anomaly detection with adaptive alerting for OAuth and API misuse.

  • Build incident-response playbooks tailored specifically to SaaS supply-chain breaches.
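One way to start on the first two items is a recurring audit of the OAuth grants held by SaaS integrations. The sketch below is an added example, not code from the alert or from any vendor: the record fields, scope labels, integration names and policy thresholds are all assumptions, and the inventory is constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy thresholds; set these from your own standard.
MAX_TOKEN_LIFETIME = timedelta(hours=1)
MAX_ROTATION_AGE = timedelta(days=30)
# Hypothetical labels for scopes treated as too broad for an integration.
BROAD_SCOPES = {"full", "admin", "refresh_token", "offline_access"}

def audit_grant(grant, now):
    """Return the policy findings for one OAuth grant record."""
    findings = []
    expires = grant.get("expires_at")
    if expires is None:
        findings.append("token never expires")
    elif expires - grant["issued_at"] > MAX_TOKEN_LIFETIME:
        findings.append("token lifetime exceeds policy")
    if now - grant["last_rotated"] > MAX_ROTATION_AGE:
        findings.append("credential rotation overdue")
    broad = sorted(set(grant["scopes"]) & BROAD_SCOPES)
    if broad:
        findings.append("broad scopes: " + ", ".join(broad))
    return findings

def audit_inventory(grants, now):
    """Map integration name -> findings, omitting compliant grants."""
    report = {}
    for grant in grants:
        findings = audit_grant(grant, now)
        if findings:
            report[grant["integration"]] = findings
    return report

# Constructed sample inventory (hypothetical integrations and scopes).
NOW = datetime(2025, 9, 16, 12, 0, tzinfo=timezone.utc)
SAMPLE_GRANTS = [
    {"integration": "chat-widget", "scopes": ["full", "refresh_token"],
     "issued_at": NOW - timedelta(days=200), "expires_at": None,
     "last_rotated": NOW - timedelta(days=200)},
    {"integration": "ticket-sync", "scopes": ["tickets.read"],
     "issued_at": NOW - timedelta(minutes=10),
     "expires_at": NOW + timedelta(minutes=20),
     "last_rotated": NOW - timedelta(days=3)},
    {"integration": "crm-export", "scopes": ["contacts.read"],
     "issued_at": NOW - timedelta(days=1),
     "expires_at": NOW + timedelta(days=89),
     "last_rotated": NOW - timedelta(days=1)},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_GRANTS, NOW).items():
        print(f"{name}: {'; '.join(findings)}")
```

Grants that come back with findings are the candidates for revocation, re-scoping or reissue with a shorter lifetime.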

Risk AIQ Score: 8

🔗 SecurityScorecard: Insights from the Salesloft–Drift Compromise