
No core Qualys systems or customer data on its cloud platform were affected.
Qualys disclosed that it fell victim to a supply chain attack targeting Salesloft Drift, the third-party SaaS application it uses to automate sales workflows and manage marketing leads.
In early September 2025, malicious actors breached Salesloft Drift and successfully exfiltrated OAuth authentication tokens that linked the Drift application to Qualys’s Salesforce instance.
Using those tokens, attackers gained unauthorized, read-only access to a subset of Salesforce records.
Although the incident involved access to Qualys’s Salesforce environment, the company emphasized that the breach was contained to certain lead and contact details.
There was no impact on:
- Qualys’s production platforms—shared or private
- Its underlying code repositories
- Agents, scanners, or any cloud-hosted customer data
- Operational continuity, as all services remained fully functional
Upon detecting suspicious activity, Qualys immediately enacted its incident response plan.
The security team disabled all Drift integrations with Salesforce, severing the attackers’ remaining access pathways.
Simultaneously, Qualys engaged cybersecurity specialist Mandiant to conduct a thorough investigation into the scope and root cause of the compromise.
Mandiant is also supporting other organizations targeted in this widespread campaign against Salesloft Drift.
Several prominent technology companies have confirmed their own exposures resulting from this campaign:
| Organization | Data Accessed |
|---|---|
| Palo Alto Networks | Business contact information, internal sales data |
| Zscaler | Customer names, contacts, support case content |
| | “Very small number” of Workspace accounts |
| Cloudflare | Customer data from Salesforce instance |
| PagerDuty | Some Salesforce-stored records |
| Tenable | Customer contact and support case information |
Qualys reassured stakeholders that its core security infrastructure remained uncompromised.
The breach did not affect the Qualys Cloud Platform’s integrity or any customer-facing functionalities.
All agents and scanners continued to operate without interruption, ensuring no service degradation for its user base.
In its public statement, Qualys affirmed its commitment to transparency and ongoing remediation.
The company continues to monitor for any anomalous activity and is collaborating closely with Mandiant and industry partners to strengthen defenses against future supply chain threats.
Organizations using third-party SaaS integrations—particularly those that connect to critical systems like Salesforce—are urged to review their own OAuth token usage, enforce strict access controls, and conduct regular security assessments.
The Salesloft Drift supply chain incident serves as a stark reminder that vulnerabilities in partner ecosystems can directly impact even the most security-focused enterprises.
The post Qualys Confirms Salesforce Data Compromised in Salesloft-Drift Cyberattack appeared first on Cyber Security News.
