Salesloft Drift Supply Chain Incident

Jonathan Trull

We recently became aware of a widespread Salesloft / Drift supply chain incident that impacted third-party integrations with Drift. We are providing this update as part of our commitment to transparency and keeping our customers informed about the security of our platform and products. 

The key takeaway is that there is no impact on the Qualys production environments (shared platforms and private platforms), codebase, or customer data hosted on the Qualys Cloud Platform, Qualys Agents or Scanners. All Qualys platforms continue to be fully functional, and at no time was there any operational impact.

What Happened?

Qualys was made aware of a campaign targeting Salesloft Drift (a marketing software-as-a-service) that impacted a large number of Salesloft customers, including Qualys. The incident involved the theft of OAuth tokens connected to Salesloft Drift, a third-party application used to automate sales workflows and integrate with Salesforce for managing leads and contact information. Our investigation found that these credentials allowed limited access to some Qualys Salesforce information.

Qualys Response

Upon learning of the incident, Qualys immediately activated our incident response plan and:

  • Disabled all Drift integrations with Qualys’ Salesforce data
  • Worked to contain any potential unauthorized access
  • Launched a thorough investigation, working closely with Salesforce

To support our investigation, we have also engaged Mandiant, which is supporting many of the organizations impacted.

As with any security incident, we will continue to investigate and monitor the situation as needed. As a security company, we continue to look for ways to enhance security and provide the strongest protections for our customers.

Qualys is strongly committed to the security of its customers and their data, and we will notify them should relevant information become available.

Please contact the Qualys security team at security_advisories@qualys.com if you need further information. 
