Supply Chain Incident at Salesloft Drift
In a recent update, cybersecurity company Qualys has addressed the security incident involving the Accellion FTA, as detailed in its "Vulnerabilities and Threat Research" section of the Qualys Insights blog.
Upon learning of the incident, Qualys immediately activated its incident response plan. The company wishes to assure its customers that there was no impact on Qualys' production environments, codebase, customer data hosted on the Qualys Cloud Platform, Qualys Agents, or Scanners. All Qualys platforms continue to be fully functional.
The incident, it appears, was a result of a cyberattack by the hacker group Shinyhunters, which targeted Salesloft's Drift integration. The attackers gained access by compromising Salesloft's GitHub account from March to June 2025, and then used stolen AWS credentials to exfiltrate OAuth tokens. These tokens allowed access to clients' Salesforce instances and their data, including Qualys' Salesforce information.
As a result of the incident, OAuth tokens connected to Salesloft Drift were stolen, granting limited access to some Qualys Salesforce information. Qualys has launched a thorough investigation into the incident, with Mandiant supporting its efforts.
Qualys is committed to the security of its customers and their data. As part of its ongoing investigation and monitoring, the company is seeking ways to enhance security and provide stronger protections for its customers. In this regard, Qualys has already taken steps such as disabling all Drift integrations with Qualys' Salesforce data.
For further information, Qualys' security team can be contacted at security_advisories@our socials.com. The company will notify its customers if relevant information about the incident becomes available.
It is worth noting that Qualys has maintained continuity of service in response to COVID-19, as stated in the "Qualys Insights" section of its blog.
This incident underscores the importance of robust security measures in the face of increasingly sophisticated cyber threats. Qualys remains vigilant and dedicated to safeguarding its customers' data and maintaining the trust they place in its services.
For updates on this and other issues, visit the Qualys Insights blog at your convenience.
Read also:
- List of 2025's Billionaire Video Game Moguls Ranked by Fortune
- Dynamic exchange of power and data is shaping the network of tomorrow
- Italy passes legislation regulating AI, focusing on privacy protection, supervision, and safeguards for minors
- Enhanced Technologies for Privacy in Data Transmission and Network Sharing
