Identity Governance Blog

Omada Statement on Salesforce - Salesloft Drift Incident

Luca Bellintani, CISO 

September 9, 2025

We want to share an important update in light of the recent security incident involving Salesloft Drift, a third-party application connected to Salesforce.

The issue centers on the misuse of OAuth tokens associated with the Drift app. Salesforce and other vendors identified unauthorized access between August 8 and 18, 2025. The incident has impacted hundreds of Salesforce customers.

Omada’s solutions, services, and infrastructure were not affected in any way.

 

Omada’s Response Measures

Upon notification of the incident, Omada immediately implemented a range of measures and initiated a thorough investigation:

  • Disconnected Drift Integration: The Salesforce-Drift connection was permanently removed.
  • Disabled API Access: Relevant APIs and third-party integrations were turned off.
  • Incident Review: Internal teams conducted a thorough investigation.

 

Scope of Exposure

Our investigation determined that the incident was limited to data accessed through the compromised Salesforce integration. The Omada Cloud Platform and internal production systems were not impacted.

The exposed Salesforce data included:

  • Customer business contact information
  • Company attributes
  • Basic customer engagement information

Our investigation has so far found no evidence of misuse of this information. No other affected company has reported misuse of this information at this point.

 

Customer Guidance: Be Alert

Even though there is no evidence of misuse, it’s important to stay alert. We encourage you to take the following precautions:

  • Review inbound communications carefully.
  • Be cautious of unexpected outreach – especially messages that urge quick decisions or request sensitive information.
  • Validate senders independently. If a message claims to be from a trusted source but seems off in tone or timing, use a separate channel to confirm its legitimacy.
  • Protect login credentials. Avoid sharing passwords, two-factor authentication codes, or sensitive business data in response to unsolicited contact.

Omada will never ask for personal or account information via unverified channels.

If you have any specific concerns in relation to Omada, please contact Omada A/S at [email protected].

Our Data Protection Officer can be reached at [email protected].

We appreciate your continued vigilance and will provide updates if further relevant developments arise.

 

Luca Bellintani is Omada’s Chief Information Security Officer (CISO)
