Hackers accessed some Salesforce information from risk management company Qualys during the ongoing Salesforce Drift hacking campaign, but they did not affect Qualys’ main platforms or customer data hosted on its cloud services.
Qualys Confirms Limited Salesforce Data Breach
In a statement released on September 6, Qualys said it became aware of a “widespread Salesloft / Drift supply chain incident” affecting third-party integrations with Drift.
The company emphasized that its production systems, private platforms, and operational services remain fully functional. “All Qualys platforms continue to be fully operational, and at no time was there any operational impact,” the company stated.
However, the hackers did manage to gain “limited access” to certain Salesforce information connected to Qualys. The company immediately disabled all Drift integrations and launched an investigation to determine the extent of the intrusion.
Investigation Underway with Mandiant Support
Qualys is working with security experts from Mandiant, the same firm helping many other companies affected by the Drift-related attacks. The company confirmed that it is monitoring the situation closely and reviewing security measures to protect customer data.
Qualys said it will keep investigating and watching the situation. The company is also working to improve security and protect its customers. Qualys reassured customers that it will share updates when new information becomes available.
How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?
The Salesforce Drift hacking campaign has affected several other major IT security companies, including Zscaler, PagerDuty, Tanium, and CloudFlare. Hackers reportedly gained access to Salesloft’s GitHub account between March and June of this year.
They were able to perform reconnaissance and eventually obtained OAuth tokens for many of Salesloft’s customers’ technology integrations. These tokens allowed unauthorized access to customer data, raising concerns about widespread exposure.
Salesloft Confirms Containment and Forensic Review
Salesloft, the company at the center of the breach, confirmed that it has contained the campaign. According to their update, Mandiant’s team has moved from actively investigating to conducting a forensic quality assurance review.
The experts are now confirming that they have addressed all traces of the attack and are assessing any potential weaknesses in the system.
Qualys’ inclusion among the victims highlights the reach and impact of the Salesforce Drift compromise. Despite being a security-focused company, Qualys was still affected, showing that even firms specializing in cybersecurity are not immune to sophisticated attacks.
CISA warns China-linked hacking group continues long-running campaign against 80 countries
The breach has made many organizations improve security for third-party integrations. They are also watching for any suspicious activity. Qualys acted quickly by disabling Drift connections and calling in security experts. Customers are being updated as the investigation continues.
The Salesforce Drift hacking campaign continues to make headlines. It is affecting more companies that use Salesloft and Drift integrations. Qualys and other affected companies are staying open and careful. Forensic reviews and investigations are ongoing.
