Cloudflare (NYSE:NET), a leading internet infrastructure provider used by numerous prominent firms, including financial services companies, has issued a notice indicating a hack of their platform occurred between August 12 and August 17, resulting in access to customer information, including user tokens.
The company said that an outside actor gained access to their Salesforce instance.
Cloudflare stated that they became aware of nefarious activity and a “threat actor that was able to successfully exfiltrate the text fields of support cases from our Salesforce instance.”
“Our security team immediately began an investigation, cut off the threat actor’s access, and took a number of steps, detailed below, to secure our environment. We are writing this blog to detail what happened, how we responded, and to help our customers and others understand how to protect themselves from this incident.”
The company described the attack as “sophisticated,” which targeted business-to-business integrations. The company cautioned users to rotate credentials and review cases in their support system. They also advised customers to review access logs and permissions to all 3rd party integrations.
Cloudflare said they expect the hacker to use the information gained to “launch targeted attacks against customers across the affected organizations.”
Shares of Cloudflare barely moved following the news of the hack.
This is not the first time there has been a security breach for the firm. In 2023, Cloudflare was the target of a suspected state actor that gained access to its internal network.
