Home Admin Help Center

Security advisory: Incident impacting business customer data in third-party CRM system

For professional plans only For all plans

Security advisory: Incident impacting business customer data in third-party CRM system

Printer icon
Published August 28, 2025

Update added on Monday, September 1, 2025, noting completion of our incident investigation.

Overview

On August 24, 2025, Dashlane was made aware that a threat actor gained unauthorized access to our Salesforce CRM instance by compromising Drift, a third-party application integrated with our instance. Based on our analysis of applicable logs and queries, a very small subset of business customer data stored in Salesforce CRM, consisting of basic business information, was accessed. We’ve determined that unauthorized access to the Salesforce CRM occurred from August 12, 2025, to August 16, 2025.

All data stored in Dashlane personal and business user vaults remains secure based on our investigation. There is also no evidence at this time of any impact to Dashlane’s internal system or services.

Actions taken to protect customers

All access tokens for the Drift application have been removed. We have also initiated a review of all our third-party integrations with Salesforce CRM for indicators of compromise and are investigating adjacent systems to ensure there was no unauthorized access.

From what we know currently, there is no evidence that the attacker gained access to other third-party systems.

What customers can do

It is possible that the threat actor could use the exposed information to conduct phishing attacks or social engineering against customers. We recommend customers stay vigilant and remember that Dashlane will never ask you for your login credentials in an email. When in doubt, here are a few best practices:

  • Log in directly to your Dashlane account through our official apps.
  • Avoid clicking on any links in emails until their legitimacy is confirmed.

We also recommend consulting our blog post and Help Center article on recognizing phishing threats.

Conclusion

Security and privacy are core to Dashlane. While our investigation is ongoing, our efforts and the steps taken by our team in collaboration with Salesforce indicate that the incident has been contained.

We ask for your patience as we conclude our investigation of this issue. We will update this advisory page as appropriate.

Update as of Monday, September 1, 2025

Investigation Complete

Dashlane has completed its investigation and confirmed that impact of the incident is limited to a very small subset of business customer data consisting of basic business information such as first and last name, title, company name, phone number, and email from Dashlane’s Salesforce CRM. We did not identify any impact to our products, services, or other Dashlane systems. All data stored in Dashlane personal and business user vaults is secure.

Dashlane will continue to monitor for further developments of the Salesloft Drift security incident.

Powered by Zendesk