{“lastseen”:”2025-09-06T20:05:46″,”description”:”We recently became aware of a widespread Salesloft \/ Drift supply chain incident that impacted third-party integrations with Drift. We are providing this update as part of our commitment to transparency and keeping our customers informed about the security of our platform and products. \\n\\nThe key takeaway is that there is **no impact on the Qualys production environments (shared platforms and private platforms), codebase, or customer data hosted on the Qualys Cloud Platform, Qualys Agents or Scanners**. All Qualys platforms continue to be fully functional, and at no time was there any operational impact. \\n\\n\\n## **What Happened?**\\n\\nQualys was made aware of a campaign targeting Salesloft Drift (a marketing software-as-a-service) that impacted a large number of Salesloft customers, including Qualys. The incident involved the theft of OAuth tokens connected to Salesloft Drift, a third-party application used to automate sales workflows and integrate with Salesforce for managing leads and contact information. Our investigation found that these credentials allowed limited access to some Qualys Salesforce information.\\n\\n## **Qualys Response**\\n\\nUpon learning of the incident, Qualys immediately activated our incident response plan and:\\n\\n * Disabled all Drift integrations with Qualys\u2019 Salesforce data\\n * Worked to contain any potential unauthorized access\\n * Launched a thorough investigation working closely with Salesforce\\n\\n\\n\\nTo support our investigation, we have also engaged Mandiant, which is supporting many of the organizations impacted.\\n\\nAs with any security incident, we will continue to investigate and monitor the situation as needed. As a security company, we continue to look for ways to enhance security and provide the strongest protections for our customers.\\n\\nQualys is strongly committed to the security of its customers and their data, and we will notify them should relevant information become available.\\n\\nPlease contact the Qualys security team at security_advisories@qualys.com if you need further information.”,”published”:”2025-09-06T19:00:41″,”modified”:”2025-09-06T19:00:41″,”type”:”qualysblog”,”title”:”Salesloft Drift Supply Chain Incident”,”source”:””,”references”:””,”id”:”QUALYSBLOG:39B6B77E6AFF654912BC49586835E745″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.qualys.com\/category\/misc”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-09-06T20:05:46″,”description”:”We recently became aware of a widespread Salesloft \/ Drift supply chain incident that impacted third-party integrations with Drift. We are providing this update as…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,120,7,11,5],"class_list":["post-16311","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-qualysblog","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n