Understanding SaaS Trust Costs: Lessons from the Salesforce Breach

Executive Summary

The summer of 2025 marked a significant shift in SaaS trust costs, catalyzed by the Salesforce breach incidents. This article by Valence Security examines two concurrent threat campaigns—one involving OAuth token exploitation linked to Salesloft and another vishing attack targeting Salesforce users. Both incidents, despite Salesforce not being directly breached, highlight the extensive risk posed to its ecosystem. Security leaders must recognize the implications and lessons learned to bolster their SaaS security strategies.

👉 Read the full article from Valence Security here for comprehensive insights.

Key Insights

Anatomy of the Drift – Salesforce OAuth Attack

• The breach initiated in March 2025, led by a state-aligned actor known as UNC6395, who accessed Salesloft's GitHub repositories.
• Attackers exploited OAuth tokens, which had widespread impacts on hundreds of customers utilizing the SaaS platform.
• This incident underscored the vulnerability of third-party integrations within the SaaS environment.

The Vishing Attack Explained

• A separate but simultaneous attack involved vishing, where users were targeted with a malicious app masquerading as a legitimate Salesforce application.
• This tactic successfully coerced users into granting unauthorized access to sensitive data, elevating concerns about user education and awareness.

Lessons for Security Leaders

• Organizations must implement robust security measures to protect against OAuth token abuse, including regular audits and access reviews.
• Investment in user training programs can significantly mitigate risks associated with social engineering attacks like vishing.
• The interconnectedness of SaaS services necessitates a comprehensive security strategy that addresses both individual and platform-wide vulnerabilities.

Impacts on the SaaS Ecosystem

• These breaches serve as a wake-up call for SaaS providers to reassess their security policies and incident response protocols.
• Elevated trust costs may influence customer decisions on SaaS integrations, driving demand for enhanced security solutions and transparency.

👉 Access the full expert analysis and actionable security insights from Valence Security here.