Qualys Confirms Cyberattack Campaign Targeting Salesforce via Salesloft and Drift

Qualys has confirmed that it was recently impacted by a cybersecurity campaign targeting Salesloft and Drift, two third-party SaaS platforms that integrate with Salesforce.

The company emphasized that customer data and its own production environments on the Qualys Cloud Platform remain fully secure, with no disruption to operations or services.

The incident, which is described as part of a broader supply chain attack, affected multiple Salesloft customers, including Qualys.

Attackers leveraged stolen OAuth tokens connected to Drift, a sales and marketing automation tool, to gain limited access to Salesforce information.

While the breach touched some Qualys Salesforce data, the company clarified that its cloud infrastructure, agents, scanners, and core codebase were not impacted.

Details of the Incident

According to Qualys, the campaign centered on stealing third-party OAuth tokens, a common authentication mechanism used by cloud platforms to connect and manage workflows.

The stolen credentials allowed unauthorized parties restricted access to Salesforce records linked through the Drift integration.

Drift and Salesloft are often deployed together to enhance sales pipeline management, making them highly valuable targets within enterprise ecosystems.

The company explained that while Salesforce data was exposed, it was contained to a narrow scope of information and did not compromise any production environment.

Qualys underscored that its essential services, which support thousands of organizations worldwide, remained unaffected throughout the incident.

Qualys’ Response and Ongoing Actions

Immediately after learning of the attack, Qualys activated its incident response procedures. The company disabled all Drift integrations with its Salesforce environment to stop potential unauthorized access.

It also launched a comprehensive investigation in partnership with Salesforce and brought in external forensic specialists from Mandiant to assist.

As an additional measure, Qualys has committed to continuous monitoring and will enhance its security controls around third-party integrations.

The company stressed that transparency remains central to its operations and that customers will be notified promptly if further relevant developments arise.

“While this incident highlights the growing threat within interconnected cloud solutions, Qualys platforms were never at risk,” the company stated in its advisory.

“We remain committed to delivering the strongest protections and will continue to build resilience against evolving attacks.”

The supply chain breach underscores an increasing industry challenge: the complexity of securing third-party SaaS apps and integrations that often serve as hidden backdoors into enterprise systems.

While Qualys avoided operational disruption, the campaign targeting Salesforce through Salesloft and Drift illustrates why attackers are focusing on trusted vendor ecosystems rather than direct breaches of primary platforms.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.