Online network services provider Cloudflare is the latest company impacted in a recent string of cyber hacking attacks related to breaches of Salesforce’s Salesloft Drift software.

According to BleepingComputer.com, an internet company that offers security, performance, and reliability services for websites and applications revealed on September 2 that the attackers gained access to a Salesforce instance it uses for internal customer case management and customer support.

Since the start of 2025, the ShinyHunters extortion group has been targeting Salesforce customers in data theft attacks, using voice phishing (vishing) to trick employees into linking malicious OAuth apps with their company's Salesforce instances. This tactic enabled the attackers to steal databases, which were later used to extort victims.

"We believe this incident was not an isolated event but that the threat actor intended to harvest credentials and customer information for future attacks," Cloudflare said.

Read More: U.K. Carmaker Hit by Cyber Attack

Since June, numerous data breaches have been linked to ShinyHunters' social engineering tactics, including those targeting Google itself, Cisco, Qantas, Allianz Life, Farmers Insurance, Workday, Adidas, as well as LVMH subsidiaries Louis Vuitton, Dior, and Tiffany & Co.

"Given that hundreds of organizations were affected through this Drift compromise, we suspect the threat actor will use this information to launch targeted attacks against customers across the affected organizations."