Tenable has confirmed a data breach that exposed the contact details and support case information of some of its customers.
The company stated the incident is part of a broader data theft campaign targeting an integration between Salesforce and the Salesloft Drift marketing application, which has affected numerous organizations.
In a public statement, Tenable expressed its commitment to transparency and detailed the extent of the breach. The company’s investigation found that an unauthorized user had gained access to a segment of customer information stored within its Salesforce instance.
While Tenable’s core products and the data within them remain secure, the incident has raised concerns about the security of third-party application integrations within major business platforms.
Exposed Data
The information accessed by the unauthorized party was limited to data within Tenable’s Salesforce environment. This included:
- Commonly available business contact information, such as customer names, business email addresses, and phone numbers.
- Regional and location references associated with customer accounts.
- Subject lines and initial descriptions that customers provided when opening a support case.
Tenable has noted that at this time, there is no evidence to suggest that the attackers have actively misused any of this information.
The breach at Tenable was not an isolated attack but is linked to a wider, sophisticated campaign that security experts have been tracking. This campaign specifically exploits a vulnerability in the integration between Salesforce and Salesloft Drift, a popular sales engagement platform.
Attackers have been using this vector to exfiltrate data from the Salesforce instances of various companies that use the integrated applications. Tenable confirmed it was one of many organizations impacted by this coordinated effort.
Tenable’s Response and Mitigation
Upon discovering the incident, Tenable took immediate action to secure its systems and protect customer data. The company has outlined several steps it has taken to address the issue:
- All potentially compromised credentials for Salesforce, Drift, and related integrations were promptly revoked and rotated.
- The Salesloft Drift application, along with all applications that integrated with it, was disabled and removed from Tenable’s Salesforce instance.
- The company has further hardened its Salesforce environment and other connected systems to prevent future exploitation.
- Tenable applied known Indicators of Compromise (IoCs) shared by Salesforce and cybersecurity experts to identify and block malicious activity.
- Continuous monitoring of its Salesforce and other SaaS solutions is ongoing to detect any exposures or unusual activity.
Tenable is advising its customers to remain vigilant and has recommended that they follow the proactive steps outlined by Salesforce and leading security experts to secure their own systems.
Confirmed victims of this supply chain attack include:
- Palo Alto Networks: The cybersecurity firm confirmed the exposure of business contact information and internal sales data from its CRM platform.
- Zscaler: The cloud security company reported that customer information, including names, contact details, and some support case content, was accessed.
- Google: In addition to being an investigator, Google confirmed a “very small number” of its Workspace accounts were accessed through the compromised tokens.
- Cloudflare: Cloudflare has confirmed a data breach where a sophisticated threat actor accessed and stole customer data from the company’s Salesforce instance.
- PagerDuty has confirmed a security incident that resulted in unauthorized access to some of its data stored in Salesforce.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Source link
