Red Hot Cyber


Salesloft Drift Incident Expands: Tenable Confirms Customer Data Breach

Redazione RHC : 8 September 2025 10:04

Tenable also suffered a compromise of contact information and support case details for some customers. The company said the incident was related to a large-scale data theft operation, which aimed to exploit the connection between the Salesloft Drift marketing application and Salesforce, impacting several organizations.

Tenable expressed its commitment to transparency and detailed the extent of the breach. The company’s investigation found that an unauthorized user had gained access to some of the customer information stored in its Salesforce instance. The company noted that there is currently no evidence to suggest that the attackers misused this information.

Immediately after the incident was discovered, Tenable took swift action to protect its own and its customers’ systems. The company’s response included the following measures:

  • All potentially compromised credentials for Salesforce, Drift, and related integrations have been promptly revoked and rotated.
  • The Salesforce Drift application, along with all integrated applications, has been disabled and removed from Tenable’s Salesforce instance.
  • The company has further hardened its Salesforce environment and other connected systems to prevent future abuse.
  • Tenable applied known indicators of compromise (IoCs), shared by Salesforce and cybersecurity experts, to identify and block malicious activity.
  • Salesforce and other SaaS solutions are continuously monitored for any exposures or unusual activity.

The Tenable breach is not an isolated attack. It is connected to a larger and more sophisticated campaign that security experts are monitoring. Attackers used this vector to exfiltrate data from Salesforce instances of various companies using integrated applications. Tenable has confirmed that it was one of several organizations affected by this coordinated attack.

Confirmed victims of this supply chain attack include Palo Alto Networks, Zscaler, Google, Cloudflare, and PagerDuty, which confirmed a security incident that resulted in unauthorized access to some of its data stored in Salesforce.
