Tenable reports being affected by the Salesloft Drift supply chain attack
Learn More
The cybersecurity company Tenable specializing in vulnerability management solutions, is reporting that it was impacted by the supply chain attack targeting the Salesloft Drift integration with Salesforce.
The incident resulted in unauthorized access to customer contact information and support case data stored within Tenable's Salesforce environment.
The cybersecurity firm claims that customer contact details were accessed but Tenable's core products and the data contained within those security solutions remain secure.
The security incident was caused by a supply chain attack that exploited OAuth authentication tokens connected to the Salesloft Drift application. The compromised data included:
- Subject lines and initial descriptions provided by customers when opening Tenable support cases
- Customer names
- Business email addresses
- Phone numbers
- Regional and location references
The number of affected individuals has not been disclosed.
Tenable revoked and rotated all potentially compromised Salesforce, Drift, and associated integration credentials. Tenable completely disabled and removed the Salesloft Drift application from their Salesforce instance, along with all other applications that had integrated with Salesloft.
Tenable has advised its customers to be careful of potential phishing attacks or social engineering attempts that could use the exposed contact information.
