
Qualys Confirms Data Breach – Hackers Accessed Salesforce Data in Supply Chain Attack

Published September 11, 2025


Qualys has confirmed it was affected by a supply chain attack targeting the Salesloft Drift marketing platform, which led to unauthorized access to a portion of its Salesforce data.

The incident was part of a cyberattack campaign against Salesloft Drift, a third-party Software-as-a-Service (SaaS) application used by Qualys for automating sales workflows and managing marketing leads.

The attackers obtained OAuth authentication tokens that linked the Drift application to Qualys’s Salesforce instance, using them to gain unauthorized access.

Qualys specified that the access was restricted to information within its Salesforce environment, primarily involving leads and contact information.

The company confirmed that the attack did not compromise its core security infrastructure. There was no effect on the Qualys production environments, including shared and private platforms, codebase, or any customer data hosted on the Qualys Cloud Platform. Additionally, all Qualys platforms, agents, and scanners remained operational without disruptions.

Upon identifying the incident, Qualys enacted its incident response plan. The security team promptly disabled all Drift integrations with its Salesforce data, effectively terminating the attackers’ access.

To enhance its investigation, Qualys has engaged the cybersecurity firm Mandiant, which is also assisting other organizations impacted by this campaign against Salesloft Drift.

Confirmed Victims of the Supply Chain Attack

  • Palo Alto Networks: Exposure of business contact information and internal sales data from its CRM platform.
  • Zscaler: Access to customer information, including names, contact details, and some support case content.
  • Google: A “very small number” of its Workspace accounts accessed via compromised tokens.
  • Cloudflare: Data breach involving access and theft of customer data from the company’s Salesforce instance.
  • PagerDuty: Unauthorized access to some of its data stored in Salesforce.
  • Tenable: Data breach exposing contact details and support case information of some customers.

Written by Stephen Gale
