Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Qualys joins Zscaler, PagerDuty, Cloudflare, and hundreds more companies whose customer data was compromised by the Salesforce-linked hack.
Risk management firm Qualys has revealed that some of its Salesforce data has been maliciously accessed by the hackers behind the still snowballing Salesloft Drift compromise.
“We recently became aware of a widespread Salesloft / Drift supply chain incident that impacted third-party integrations with Drift. We are providing this update as part of our commitment to transparency and keeping our customers informed about the security of our platform and products,” Qualys said in a 6 September statement..
“The key takeaway is that there is no impact on the Qualys production environments (shared platforms and private platforms), codebase, or customer data hosted on the Qualys Cloud Platform, Qualys Agents or Scanners. All Qualys platforms continue to be fully functional, and at no time was there any operational impact.”
However, Qualys did say that a threat actor had gained “limited access to some Qualys Salesforce information”.
Qualys immediately disabled all Drift integrations and launched an investigation into the incident. Mandiant is assisting Qualys, at the same time as it supports many other victims.
“As with any security incident, we will continue to investigate and monitor the situation as needed. As a security company, we continue to look for ways to enhance security and provide the strongest protections for our customers,” Qualys said.
“Qualys is strongly committed to the security of its customers and their data, and we will notify them should relevant information become available.”
Qualys joins Zscaler, PagerDuty, Tanium, and Cloudflare as just some of the Salesloft Drift compromise’s largest victims. Salesloft recently revealed that the threat actor behind the campaign had access to the company’s GitHub account between March and June this year.
The threat actor was able to perform reconnaissance-related activity before successfully obtaining the OAuth tokens for many of Salesloft’s customers’ technology integrations. These were then used to access those customers’ data.
“Based on the Mandiant investigation, the findings support the incident has been contained,” Salesloft said.
“The focus of Mandiant’s engagement has now transitioned to forensic quality assurance review.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
