Tenable has recently confirmed a data breach affecting a segment of its customers, where an unauthorized user gained access to contact details and support case information. This incident is not isolated, but rather part of a broader, sophisticated data theft campaign targeting a vulnerability in the integration between Salesforce and the Salesloft Drift marketing application, which has impacted numerous organizations. Tenable’s investigation found that while its core products and the data within them remain secure, the incident highlights the security risks posed by third-party application integrations within major business platforms.
The compromised information was limited to data residing within Tenable’s Salesforce environment. This included standard business contact information, such as customer names, email addresses, and phone numbers. Additionally, regional and location references associated with customer accounts were exposed. The breach also revealed the subject lines and initial descriptions that customers had provided when opening support cases. At this time, Tenable has stated there is no evidence to suggest that the stolen information has been misused by the attackers.
The breach at Tenable is not an isolated event but is linked to a wider, coordinated effort that security experts have been tracking. This campaign specifically exploits a vulnerability in the integration between Salesforce and Salesloft Drift, a popular sales engagement platform. Attackers have been leveraging this specific vector to exfiltrate data from the Salesforce instances of various companies that utilize these integrated applications, and Tenable confirmed it was among the organizations impacted by this coordinated campaign.
Upon discovering the incident, Tenable took swift and decisive action to mitigate the risk and protect customer data. The company immediately revoked and rotated all potentially compromised credentials for Salesforce, Drift, and related integrations. The Salesloft Drift application, along with all applications that integrated with it, was promptly disabled and removed from Tenable’s Salesforce environment. Furthermore, the company has hardened its Salesforce and other connected systems to prevent any future exploitation of a similar nature.
Tenable has applied known Indicators of Compromise (IoCs) shared by Salesforce and cybersecurity experts to identify and block any further malicious activity. The company is also maintaining continuous monitoring of its Salesforce and other SaaS solutions to detect any unusual activity or exposures. Tenable is actively advising its customers to remain vigilant and has recommended that they follow proactive steps outlined by both Salesforce and leading security experts to further secure their own systems.
Reference:
