Risk management firm Qualys has revealed that some of its Salesforce data has been maliciously accessed by the hackers behind the still snowballing Salesloft Drift compromise.
“We recently became aware of a widespread Salesloft / Drift supply chain incident that impacted third-party integrations with Drift. We are providing this update as part of our commitment to transparency and keeping our customers informed about the security of our platform and products, Qualys said in a September 6 statement.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Keep me signed in on this device.
If you check this box before you log in, you won’t have to log back into the website next time you return, even if you close your browser and come back later.
If you check the box above before you log in, you won’t have to log back into the website next time you return, even if you close your browser and come back later.
JavaScript is required for CAPTCHA verification to submit this form.
Create free account to get unlimited news articles and more!
First Name
Last Name
Mobile
Organisation Type
By becoming a member, I agree to receive information and promotional messages from Cyber Daily.
I can opt out of these communications at any time.
For more information, please visit our
Privacy Statement.
Need help signing up? Visit the
Help Centre.
“The key takeaway is that there is no impact on the Qualys production environments (shared platforms and private platforms), codebase, or customer data hosted on the Qualys Cloud Platform, Qualys Agents or Scanners. All Qualys platforms continue to be fully functional, and at no time was there any operational impact.”
However, Qualys did say that a threat actor had gained “limited access to some Qualys Salesforce information”.
Qualys immediately disabled all Drift integrations and launched an investigation into the incident. Mandiant is assisting Qualys, at the same time as it supports many other victims.
“As with any security incident, we will continue to investigate and monitor the situation as needed. As a security company, we continue to look for ways to enhance security and provide the strongest protections for our customers,” Qualys said.
“Qualys is strongly committed to the security of its customers and their data, and we will notify them should relevant information become available.”
Qualys joins Zscaler, PagerDuty, Tanium, and CloudFlare as just some of the Salesloft Drift compromise’s largest victims. Salesloft recently revealed that the threat actor behind the campaign had access to the company’s GitHub account between March and June this year.
The threat actor was able to perform reconnaissance-related activity before successfully obtaining the OAuth tokens for many of Salesloft’s customers’ technology integrations. These were then used to access those customers’ data.
“Based on the Mandiant investigation, the findings support the incident has been contained,” Salesloft said.
“The focus of Mandiant’s engagement has now transitioned to forensic quality assurance review.”
