Tenable Confirms Data Breach: Hackers Compromise Customer Contact Information
Tenable has confirmed a data breach that exposed the contact details and support case information of some of its customers. The incident is part of a broader data theft campaign targeting an integration between Salesforce and the Salesloft Drift marketing application, affecting numerous organisations. In a public statement, Tenable expressed its commitment to transparency and detailed the extent of the breach. An investigation revealed that an unauthorised user gained access to a segment of customer information stored within Tenable’s Salesforce instance. While Tenable’s core products and the data within them remain secure, the incident has raised concerns about the security of third-party application integrations within major business platforms. The exposed data included commonly available business contact information, regional references, and subject lines from customer support cases. At this time, there is no evidence suggesting that the attackers have actively misused any of this information.
The breach at Tenable is linked to a sophisticated campaign exploiting a vulnerability in the integration between Salesforce and Salesloft Drift. Attackers have been using this vector to exfiltrate data from the Salesforce instances of various companies. Upon discovering the incident, Tenable took immediate action to secure its systems and protect customer data. The company promptly revoked and rotated all potentially compromised credentials for Salesforce, Drift, and related integrations. Additionally, the Salesloft Drift application was disabled and removed from Tenable’s Salesforce instance. Tenable has further hardened its Salesforce environment and applied known Indicators of Compromise shared by Salesforce and cybersecurity experts. Continuous monitoring of its Salesforce and other SaaS solutions is ongoing to detect any unusual activity. Tenable advises its customers to remain vigilant and follow proactive steps outlined by Salesforce and leading security experts to secure their own systems.
Categories: Data Breach, Third-Party Application Security, Incident Response and Mitigation
Tags: Data Breach, Tenable, Salesforce, Salesloft Drift, Customer Information, Unauthorized Access, Security, Integration, Cybersecurity, Mitigation