Qualys Confirms Data Breach: Hackers Compromise Salesforce Data in Supply Chain Attack

Qualys has confirmed it was affected by a significant supply chain attack that targeted the Salesloft Drift marketing platform, leading to unauthorized access to a portion of its Salesforce data. This breach stemmed from a sophisticated cyberattack campaign aimed at Salesloft Drift, a third-party Software-as-a-Service (SaaS) application utilized by Qualys for automating sales workflows and managing marketing leads. The attackers successfully stole OAuth authentication tokens that linked the Drift application to Qualys’s Salesforce instance, allowing them to gain unauthorized access. However, Qualys specified that the breach was limited to certain information within its Salesforce environment, primarily concerning lead and contact management. Importantly, the company confirmed that its foundational security infrastructure remained uncompromised, with no impact on its production environments, including shared and private platforms, codebase, or customer data hosted on the Qualys Cloud Platform.

Upon discovering the incident, Qualys promptly activated its incident response plan, with its security team taking immediate action to contain the threat by disabling all Drift integrations with its Salesforce data. This effectively cut off the attackers’ access. To aid in its internal investigation, Qualys has engaged the prominent cybersecurity firm Mandiant, which is also assisting other organizations affected by this widespread campaign against Salesloft Drift. Confirmed victims of this supply chain attack include Palo Alto Networks, Zscaler, Google, Cloudflare, PagerDuty, and Tenable, all of which reported varying degrees of data exposure and breaches. 

Categories: Data Breach, Supply Chain Attack, Cybersecurity Response 

Tags: Qualys, Supply Chain Attack, Salesloft Drift, Salesforce Data, OAuth Tokens, Cybersecurity, Incident Response, Mandiant, Data Breach, Customer Information