HackerOne, a leading vulnerability coordination platform, has confirmed that its Salesforce environment was compromised in a recent third-party data breach.
The incident stemmed from an attack on the Drift application provided by Salesloft, which allowed unauthorized actors to gain entry to records stored in Salesforce.
While no customer vulnerability data appears to have been exposed, HackerOne is conducting a thorough investigation and will communicate directly with any affected parties.
Incident Overview
On August 22, Salesforce alerted its customers to suspicious activity involving the Drift integration supplied by Salesloft.
The following day, Salesloft confirmed that an unauthorized party had exploited a vulnerability in the Drift application’s integration with Salesforce, granting them access to certain customer records across multiple companies.
HackerOne was among the companies notified by Salesforce on Friday, August 22, and received confirmation of the breach from Salesloft on August 23.
Upon receiving notice, HackerOne’s security team immediately activated its incident response plan. The team collaborated closely with both Salesforce and Salesloft to determine exactly which systems and records were affected.
Early findings revealed that the breach was isolated to a subset of data housed within HackerOne’s Salesforce instance, accessed through the compromised Drift integration.
HackerOne’s security protocols, which include rigorous data segmentation and access controls, helped contain the incident and prevent further escalation.
Impact and Response
HackerOne has stated that the compromised records did not include any sensitive customer vulnerability submissions or private security reports.
The company’s strict separation of internal data from customer vulnerability data ensured that no exploit details, proof-of-concept code, or vulnerability assessments were exposed.
Instead, the breach appears to have impacted general Salesforce records, such as contact information and standard account details.
Despite the limited scope, HackerOne has engaged external forensic experts to verify the full extent of the breach and to ensure no residual access remains.
The company is reviewing all logs, authentication events, and data flows related to the Drift integration.
As a precaution, HackerOne has disabled the affected integration and is working with Salesloft to deploy a secure update to Drift that addresses the vulnerability.
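The log review described above (authentication events and data flows tied to a third-party integration, followed by a check that revoked access really is gone) is the kind of thing a responder scripts against an export. The following is an added example, not code from HackerOne, Salesforce or Salesloft: it runs over constructed, JSON-lines login records whose layout is invented for the example and does not claim to match any real Salesforce export; the connected-app name "ExampleDriftApp", the egress allowlist, the record-count baseline and the revocation timestamp are all placeholders.

```python
"""
Added example (not HackerOne's, Salesforce's or Salesloft's code): reviewing
authentication events for a third-party integration after a vendor breach
notice. The record layout is constructed for this example and does not claim
to match a real Salesforce export; "ExampleDriftApp", the egress allowlist,
the record threshold and the revocation time are placeholders.
"""
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample: one JSON object per line, loosely modelled on a login
# history export ("app" is the connected app that authenticated the session).
SAMPLE_EVENTS = """\
{"ts": "2025-08-20T09:12:03Z", "user": "integration@example.com", "app": "ExampleDriftApp", "ip": "203.0.113.10", "status": "Success", "records": 120}
{"ts": "2025-08-21T02:47:55Z", "user": "integration@example.com", "app": "ExampleDriftApp", "ip": "198.51.100.77", "status": "Success", "records": 48000}
{"ts": "2025-08-21T03:01:10Z", "user": "integration@example.com", "app": "ExampleDriftApp", "ip": "198.51.100.77", "status": "Success", "records": 51000}
{"ts": "2025-08-21T10:30:00Z", "user": "alice@example.com", "app": "Browser", "ip": "192.0.2.5", "status": "Success", "records": 3}
{"ts": "2025-08-24T11:00:00Z", "user": "integration@example.com", "app": "ExampleDriftApp", "ip": "203.0.113.10", "status": "Failed: Revoked", "records": 0}
{"ts": "2025-08-24T11:05:00Z", "user": "integration@example.com", "app": "ExampleDriftApp", "ip": "203.0.113.10", "status": "Success", "records": 10}
"""

# Placeholder: the vendor's published egress ranges would be listed here.
KNOWN_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]
INTEGRATION_APP = "ExampleDriftApp"  # placeholder connected-app name
# Placeholder baseline: the integration normally reads a few hundred records.
RECORD_THRESHOLD = 5000
# Placeholder: when the integration's tokens were revoked / app disabled.
REVOCATION_TIME = datetime(2025, 8, 23, 12, 0, tzinfo=timezone.utc)


def parse_events(text):
    """Parse JSON-lines records into dicts with typed timestamp and IP."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        ev["ip"] = ipaddress.ip_address(ev["ip"])
        events.append(ev)
    return events


def from_known_egress(ip):
    """True if the source IP falls inside the vendor's expected egress ranges."""
    return any(ip in net for net in KNOWN_EGRESS)


def flag_integration_sessions(events):
    """Return (reason, event) pairs for successful integration logins that
    deviate from baseline: unexpected source IP, or a bulk read far above
    the integration's normal volume."""
    findings = []
    for ev in events:
        if ev["app"] != INTEGRATION_APP or not ev["status"].startswith("Success"):
            continue
        if not from_known_egress(ev["ip"]):
            findings.append(("unexpected_source_ip", ev))
        if ev["records"] > RECORD_THRESHOLD:
            findings.append(("bulk_read", ev))
    return findings


def residual_access_after_revocation(events):
    """Successful integration logins after REVOCATION_TIME mean revocation was
    incomplete: some credential or token for the app still works."""
    return [ev for ev in events
            if ev["app"] == INTEGRATION_APP
            and ev["status"].startswith("Success")
            and ev["ts"] > REVOCATION_TIME]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for reason, ev in flag_integration_sessions(evs):
        print(f"{reason}: {ev['ts'].isoformat()} {ev['user']} from {ev['ip']} ({ev['records']} records)")
    leftovers = residual_access_after_revocation(evs)
    print(f"successful integration logins after revocation: {len(leftovers)}")
```

Two things in the sample are worth noticing: the two off-range, high-volume sessions in the early hours of August 21 are flagged twice each, once for the source IP and once for the read volume, and the final record shows a successful login after the revocation time, which is exactly the "residual access" condition a post-incident review is meant to catch even though an earlier attempt was correctly rejected.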
In line with its core value of Default to Disclosure, HackerOne is committed to transparency throughout the investigation.
The company has set up a dedicated support channel for any customers who have concerns about the incident.
All impacted individuals will receive direct notifications, and HackerOne will provide guidance on monitoring for any unusual activity that could stem from the breach.
Customers are encouraged to review their account notifications from HackerOne and Salesforce and to reach out to HackerOne’s security support if they have any questions.
By maintaining open communication and swiftly addressing the vulnerability, HackerOne aims to uphold the trust that organizations place in its platform to responsibly manage and protect their most sensitive security information.