Qualys Joins the Ranks of IT Security Firms Targeted in Salesloft Drift Hacking Campaign

Risk management firm Qualys has disclosed that some of its Salesforce data was maliciously accessed by hackers involved in the ongoing Salesloft Drift compromise. In a statement released on 6 September, Qualys acknowledged a widespread supply chain incident affecting third-party integrations with Drift. The firm emphasised its commitment to transparency and keeping customers informed about the security of its platform and products. Importantly, Qualys reassured its clients that there was no impact on its production environments, codebase, or customer data hosted on the Qualys Cloud Platform, Qualys Agents, or Scanners. All Qualys platforms remained fully functional, and there was no operational disruption.

Despite the limited access to some Salesforce information, Qualys acted swiftly by disabling all Drift integrations and initiating an investigation into the incident. Mandiant is assisting Qualys in this investigation while also supporting other affected parties. Qualys reiterated its dedication to ongoing monitoring and investigation of the situation. As a security company, it remains focused on enhancing security measures and providing robust protections for its customers. 

Categories: Data Breach, Cybersecurity Incident, Third-Party Integration 

Tags: Qualys, Salesforce, Hackers, Compromise, Incident, Integrations, Investigation, Security, Access, Transparency