Tenable Confirms Data Breach – Hackers Accessed Customers’ Contact Details
Cybersecurity Incident: Tenable Data Breach
Tenable has confirmed a data breach that exposed the contact details and support case information of certain customers.
The incident is part of a wider data theft campaign targeting an integration between Salesforce and the Salesloft Drift marketing application, impacting multiple organizations.
In a public statement, Tenable said that an unauthorized user accessed a portion of the customer information stored in its Salesforce instance. The company stated that its core products and the data within them remain secure.
Exposed Data
The unauthorized access was limited to data within Tenable’s Salesforce environment, including:
- Business contact information such as customer names, business email addresses, and phone numbers.
- Regional and location references associated with customer accounts.
- Subject lines and initial descriptions provided by customers when opening a support case.
Tenable has stated that there is no evidence suggesting misuse of this information.
The breach is linked to a broader campaign exploiting a vulnerability in the integration between Salesforce and Salesloft Drift, affecting several companies using these applications. Tenable confirmed it was among the impacted organizations.
Tenable’s Response and Mitigation
Upon discovering the incident, Tenable took immediate action to secure its systems and protect customer data. The measures include:
- Revoking and rotating potentially compromised credentials for Salesforce, Drift, and related integrations.
- Disabling and removing the Salesloft Drift application and all integrated applications from Tenable’s Salesforce instance.
- Enhancing the security of its Salesforce environment and connected systems to prevent future exploitation.
- Applying known Indicators of Compromise (IoCs) shared by Salesforce and cybersecurity experts to identify and block malicious activity.
- Continuously monitoring its Salesforce and other SaaS solutions for exposures or unusual activity.
Tenable advises customers to remain vigilant and follow proactive steps outlined by Salesforce and security experts to secure their systems.
Confirmed victims of this supply chain attack include:
- Palo Alto Networks: Exposure of business contact information and internal sales data.
- Zscaler: Access to customer information, including names, contact details, and support case content.
- Google: Access to a small number of Workspace accounts through compromised tokens.
- Cloudflare: Customer data accessed and stolen from its Salesforce instance.
- PagerDuty: Unauthorized access to some data stored in Salesforce.