Qualys has confirmed it was impacted by a widespread provide chain assault that focused the Salesloft Drift advertising and marketing platform, leading to unauthorized entry to a portion of its Salesforce information.
The breach originated from a classy cyberattack marketing campaign focusing on Salesloft Drift, a third-party Software program-as-a-Service (SaaS) software utilized by Qualys to automate gross sales workflows and handle advertising and marketing leads.
Based on the corporate, the attackers efficiently stole OAuth authentication tokens that linked the Drift software to Qualys’s Salesforce occasion. The malicious actors then used these tokens to realize unauthorized entry.
Qualys specified that the entry was restricted to some data inside its Salesforce surroundings, which is primarily used for managing leads and call data.
The corporate confirmed in its assertion that the assault didn’t compromise its foundational safety infrastructure. There was no influence on the Qualys manufacturing environments, together with its shared and personal platforms, codebase, or any buyer information hosted on the Qualys Cloud Platform. Moreover, all Qualys platforms, brokers, and scanners remained totally useful with no operational disruptions.
Upon changing into conscious of the incident, Qualys instantly activated its incident response plan. The corporate’s safety crew took swift motion to comprise the risk by disabling all Drift integrations with its Salesforce information, successfully reducing off the attackers’ entry.
To assist its inner investigation efforts, Qualys has engaged the distinguished cybersecurity agency Mandiant. Mandiant is reportedly aiding most of the different organizations that have been additionally impacted by this widespread marketing campaign towards Salesloft Drift.
Confirmed victims of this provide chain assault embody:
Palo Alto Networks: The cybersecurity agency confirmed the publicity of enterprise contact data and inner gross sales information from its CRM platform.
Zscaler: The cloud safety firm reported that buyer data, together with names, contact particulars, and a few assist case content material, was accessed.
Google: Along with being an investigator, Google confirmed a “very small quantity” of its Workspace accounts have been accessed by the compromised tokens.
Cloudflare: Cloudflare has confirmed a knowledge breach the place a classy risk actor accessed and stole buyer information from the corporate’s Salesforce occasion.
PagerDuty has confirmed a safety incident that resulted in unauthorized entry to a few of its information saved in Salesforce.
Tenable has confirmed a knowledge breach that uncovered the contact particulars and assist case data of a few of its clients.
Discover this Story Fascinating! Observe us on Google Information, LinkedIn, and X to Get Extra Instantaneous Updates.
