Updated September 5, 2025
As previously shared, Salesforce informed relevant customers of potential unauthorized access to our Salesforce instance via the Drift (Salesloft) application. Based on our current assessment, any information that a customer may have shared with JFrog in our support system may have been compromised, including contact information and text in a support case, potentially including tokens or passwords (“secrets”). Files or documents attached to the case were not affected.
We have directly notified the specific small number of customers who we believe had support cases that contained secrets (if you have not been contacted, this means that, to the best of our knowledge, no secrets related to your accounts have been identified). Nevertheless, as a best practice and precautionary measure, we recommend all customers rotate and revoke any secrets they may have shared.
Further details regarding this security incident, including Indicators of Compromise (IoCs), are available from GTIC and from Salesloft.
Although our investigation is ongoing, our current assessment is below:
No Evidence of Misuse: We have not found any indication that data was misused.
Isolated Incident: The incident currently appears limited to the third-party platform (Salesloft Drift).
No Impact on JFrog Systems: There is no impact on any JFrog Platform instances, products, services, or underlying infrastructure.
Actions Taken by JFrog:
Beyond disabling Salesloft and Drift, we've proactively rotated all third-party API tokens for Salesforce integrations, strengthened Customer Support authentication against social engineering, and further strengthened our third-party risk management processes.
Additional Information:
Your data security is paramount to us. We will never contact anyone by phone or email to request a password or any other secure details; JFrog will only communicate sensitive information through our secure support portal. For any questions, please reach out to our support team via the JFrog Help Center or via e-mail at support@jfrog.com.
August 29, 2025
Recently, a widespread attack involving unauthorized access to Salesforce records through the Drift (Salesloft) application has been publicly reported. On August 23, 2025, Salesforce notified JFrog of potential suspicious unauthorized access originating from the Drift–Salesforce connector.
It is important to note that this issue does not impact the JFrog Platform and products. We have no evidence that this supply chain incident involved the JFrog Platform and products, or the data secured by those products on behalf of our customers.
The Reported Incident:
Between August 23rd and 28th, Salesforce reported disabling all instances of the Drift software to contain the incident. In addition, Salesforce removed the Drift applications from the Salesforce AppExchange and disconnected all Salesloft applications. Upon receiving the Salesforce advisory notices, and as an immediate precautionary measure, JFrog disabled Salesloft and Drift integrations to contain the issue.
JFrog promptly activated its incident response procedures and involved our leading cybersecurity experts for a full internal investigation. While our investigation is ongoing, we have discovered that some data stored in JFrog's Salesforce instance was accessed by leveraging illegitimate access to the Drift Application.
Currently, we do not see any evidence of ongoing malicious activity impacting our customers. We will notify any impacted individuals and organizations in accordance with our commitments and applicable laws and regulations.
Recommendation:
Following security best practices, we recommend revocation and rotation of credentials/keys/secrets and monitoring your environment for any unusual activity.
Protecting your data is our top priority, and we appreciate your understanding and cooperation as we work in transparency to ensure the security of our customers.
If you have any questions, please reach out to our support team through JFrog’s Help Center or support@jfrog.com.