Cybersecurity company Qualys confirms data breach caused by Salesloft Drift supply chain attack

Cybersecurity and risk management company Qualys has confirmed that it was among the hundreds of organizations impacted by a sophisticated supply chain attack targeting the Salesloft Drift integration platform. 

The incident resulted in unauthorized access to limited portions of Qualys's Salesforce data through compromised OAuth authentication tokens. The compromised data was primarily related to sales and marketing operations, but the company has not listed the categories of information accessed. 

The number of affected individuals is not disclosed.

The cybersecurity firm claims that there was no impact on its core production environments, security products, or customer data hosted on the Qualys Cloud Platform.

From August 8-18, 2025, a threat actor utilized compromised OAuth credentials to steal data from affected customers' Salesforce environments. The attackers targeted organizations that had integrated the Salesloft Drift application with their customer relationship management systems, using stolen OAuth tokens to gain unauthorized access to Salesforce instances across multiple companies. 

Qualys disabled all Drift integrations with Qualys's Salesforce data and has committed to continuous monitoring of the situation and will provide additional updates to customers and stakeholders as relevant information becomes available.