EzProtect Issues Critical Security Advisory Following Salesforce Third-Party App Incident; Provides Immediate Guidance to Protect Customer Environments

Company Takes Proactive Measures to Ensure Continued Service and Security for Customers Following Salesforce Connected Apps Security Compromise 

San Francisco, CA – [September 9, 2025]– EzProtect, the leading Salesforce virus-scanning and threat detection solution, today issued a critical security advisory to all customers following a recent security incident affecting Salesforce environments through a compromised third-party application. The company is taking immediate action to ensure continued service protection and has implemented enhanced security measures to safeguard customer data. 

Incident Details and Impact 

From August 8-18, 2025, a threat actor exploited compromised OAuth credentials in the Salesloft Drift integration to gain unauthorized access to Salesforce customer data. The attacker performed mass exfiltration of sensitive information from Salesforce objects including Account, Contact, Case, and Opportunity records. Following the data theft, the threat actor actively scanned the acquired data for additional credentials to facilitate further attacks. 

The incident did not stem from a vulnerability in the core Salesforce platform or EzProtect systems, but rather from a compromise of the third-party Drift app’s connection to Salesforce. Salesforce released an emergency customer update addressing this incident. 

EzProtect’s Immediate Response 

EzProtect has immediately mobilized its security response team to protect customers and ensure continued service delivery. The company is proactively communicating with all customers to provide specific guidance on maintaining their security posture during this incident. 

“The security of our customers’ data is our absolute top priority,” said Matt Meyers, CTA and CEO/Co-Founder at EzProtect. “While this incident originated from a third-party application compromise, we are taking comprehensive steps to ensure our customers remain protected and their EzProtect services continue operating without interruption.” 

Critical Actions for Customers 

Due to new Salesforce restrictions on connected app connections, EzProtect customers must take immediate action to prevent service disruption: 

Connected App Installation Requirements: 

• Customers must navigate to Setup → OAuth Connected App Usage in their Salesforce org 

• Look for the “EzProtect” application and click the “Install” button if present 

• This action ensures EzProtect maintains the ability to scan Salesforce environments for viruses and security threats 

Salesforce Security Office Hours 
EzProtect recommends comprehensive security reviews including audit log analysis, credential rotation, and enhanced monitoring for social engineering attempts that may result from data exfiltration. EzProtect has also launched Salesforce Security Office Hours for customers and the broader Salesforce ecosystem to learn best practices about how to better secure their orgs during the recent surge of Salesforce customer data breaches.  

Ongoing Monitoring and Updates 

EzProtect continues to actively monitor the situation and will provide regular updates to customers as new information becomes available. The company’s advanced security scanning capabilities remain fully operational and continue to protect customer Salesforce environments against evolving threats. 

About EzProtect 

EzProtect delivers real-time, AI-powered virus scanning to detect and block cyber threats before they infiltrate your Salesforce org. The company provides seamless malware and ransomware protection for Salesforce, preventing phishing attacks and other cyber threats from compromising critical business data. EzProtect is committed to maintaining the highest standards of data security and customer service. 

 

Are you actively exposing your Salesforce data to cyber attacks? 

Contact our EzProtect team today for a free security assessment that bridges the critical gaps in the shared responsibility model—including comprehensive scanning of files and static resources that Salesforce doesn’t provide. Our expert team will deliver a customized 3-step action plan to strengthen your security posture and prevent your organization from becoming tomorrow’s headline.