Salesforce threats in 2025
What changed in 2025, how attacks work, and what to do now?
There’s more attacks on Salesforce than ever before:
- Salesloft/Drift OAuth token breach (August 2025) – Attackers stole OAuth and refresh tokens from Salesloft’s Drift chat integration with Salesforce.
- Google (August 2025) – breach disclosed in August but traced to activity in June. Targeted Salesforce CRM instance used for prospective Google Ads customer data.
- Chanel (August 2025) – personal contact data exposed.
- Louis Vuitton, Dior, Tiffany & Co., Adidas (July-August 2025): late July disclosures tied to the same Salesforce-focused campaign.
- Allianz Life (July 2025) – majority of 1.4M customers impacted via a third-party cloud CRM.
- Hawaiian Airlines, WestJet, KLM, Air France (June-July 2025) – Airlines were targeted using help‑desk manipulation and multi‑factor authentication bypass.
- M&S, Co-op, Harrods (May 2025) – ransomware/data theft incidents.
What is Cloud Protection for Salesforce by WithSecure™?
- Cloud Protection for Salesforce is an industry-leading malware protection solution for Salesforce trusted by dozens of Fortune 500 companies
- The native app is available in AppExchange and is up and running in minutes.
- Salesforce does not scan files and URLs for malware or phishing. We do.
Salesforce Threat Landscape Report 2025
Download free 2025 Salesforce Threat Landscape Report
Inside the report:
Detection trends and attack volumes from Q1 2025
How threats are hidden in files, QR codes, and URLs
Case studies of breaches
AI-powered phishing campaign analysis
