Elastic has disclosed a security incident stemming from a third-party breach at Salesloft Drift, which resulted in unauthorized access to an internal email account containing valid credentials.
While the company’s core Salesforce environment was not impacted, the incident exposed sensitive information contained within a limited number of emails.
The chain of events began on August 26, 2025, when Salesloft Drift publicly disclosed a security incident affecting its platform.
A subsequent in-depth report from Google’s Threat Intelligence Group detailed the threat actor’s activities related to the breach.
As a customer using Drift for certain business applications, Elastic initiated its incident response protocols to proactively investigate any potential impact.
Although Elastic was not directly notified of being affected, its security team launched an immediate investigation to determine if any company or customer data was exposed.
Scope of the Impact
Elastic’s investigation confirmed that its Salesforce environment was not compromised. However, the team discovered that a single email account had been exposed through the “Drift Email” integration.
This exposure may have granted an unauthorized actor read-only access to emails received in that specific inbox.
After conducting a scan of the inbox’s contents, security personnel identified a small number of inbound emails that included potentially valid credentials.
In response to this discovery, Elastic notified the customers who were potentially affected through existing support channels.
The company has stated that any customer who did not receive a direct notification was not identified as being impacted by this credential leak.
Immediately after learning of the Drift incident, Elastic’s Information Security team took decisive action to contain the threat and assess the damage.
The team launched a comprehensive investigation, reviewing access logs, network activity, and system configurations to determine the extent of the data exposure.
A critical first step was to disable all Drift integrations within Elastic’s environment, thereby eliminating any further risk from the compromised third-party platform.
Concurrently, the team monitored open-source intelligence for Indicators of Compromise (IOCs) and coordinated with Drift’s security team to gather more information.
Elastic has affirmed its commitment to transparency and protecting customer data, and its team continues to monitor for new information related to the event.
Confirmed victims of this supply chain attack include:
Palo Alto Networks: The cybersecurity firm confirmed the exposure of business contact information and internal sales data from its CRM platform.
Zscaler: The cloud security company reported that customer information, including names, contact details, and some support case content, was accessed.
Google: In addition to being an investigator, Google confirmed a “very small number” of its Workspace accounts were accessed through the compromised tokens.
Cloudflare: Cloudflare has confirmed a data breach where a sophisticated threat actor accessed and stole customer data from the company’s Salesforce instance.
PagerDuty has confirmed a security incident that resulted in unauthorized access to some of its data stored in Salesforce.
Tenable has confirmed a data breach that exposed the contact details and support case information of some of its customers.
Qualys has confirmed it was impacted by a widespread supply chain attack that targeted the Salesloft Drift marketing platform, resulting in unauthorized access to a portion of its Salesforce data.
Dynatrace has confirmed it was impacted by a third-party data breach originating from the Salesloft Drift application, resulting in unauthorized access to customer business contact information stored in its Salesforce CRM.