Salesloft Drift Incident Expands: Tenable Confirms Customer Data Breach

Tenable also suffered a compromise of contact information and support case details for some customers. The company said the incident was related to a large-scale data theft operation, which aimed to exploit the connection between the Salesloft Drift marketing application and Salesforce, impacting several organizations.

Tenable expressed its commitment to transparency and detailed the extent of the breach. The company’s investigation found that an unauthorized user had gained access to some of the customer information stored in its Salesforce instance. He noted that there is currently no evidence to suggest that the attackers misused this information.

Immediately after the incident was discovered, Tenable took swift action to protect its own and its customers’ systems. The company’s efforts include several initiatives, including:

• All potentially compromised credentials for Salesforce, Drift, and related integrations have been promptly revoked and rotated.
• The Salesforce Drift application, along with all integrated applications, has been disabled and removed from Tenable’s Salesforce instance.
• The company has further hardened its Salesforce environment and other connected systems to prevent future abuse.
• Tenable applied known indicators of compromise (IoCs), shared by Salesforce and cybersecurity experts, to identify and block malicious activity.
• Salesforce and other SaaS solutions are continuously monitored for any exposures or unusual activity.

The Tenable breach is not an isolated attack. It is connected to a larger and more sophisticated campaign that security experts are monitoring. Attackers used this vector to exfiltrate data from Salesforce instances of various companies using integrated applications. Tenable has confirmed that it was one of several organizations affected by this coordinated attack.

Confirmed victims of this supply chain attack include Palo Alto Networks, Zscaler, Google, Cloudflare, and PagerDuty, which confirmed a security incident that resulted in unauthorized access to some of its data stored in Salesforce.

Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.

Redazione

The Red Hot Cyber Editorial Team provides daily updates on bugs, data breaches, and global threats. Every piece of content is validated by our community of experts, including Pietro Melillo, Massimiliano Brolli, Sandro Sana, Olivia Terragni, and Stefano Gazzella. Through synergy with our industry-leading partners—such as Accenture, CrowdStrike, Trend Micro, and Fortinet—we transform technical complexity into collective awareness. We ensure information accuracy by analyzing primary sources and maintaining a rigorous technical peer-review process.