Tenable Response to Salesforce and Salesloft Drift Incident
Tenable遭遇数据泄露事件,因Salesforce与Salesloft Drift集成问题导致部分客户信息外泄。受影响数据包括支持案例信息及常见业务联系信息。Tenable已采取措施修复漏洞,并建议客户采取防范措施以确保安全。
2025-9-3 16:30:0
Author: www.tenable.com(查看原文)
阅读量:2
收藏
September 3, 2025
2 Min Read
At Tenable, we take transparency seriously, especially when it comes to protecting our customers’ data. We recently learned of a widespread data theft campaign involving the integration of Salesforce and Salesloft Drift, and Tenable was among the many organizations impacted. In line with our commitment to transparency and data protection, we made impacted customers aware of the details as quickly as possible. Importantly, we assured them that Tenable products and any data within the Tenable product suite were not impacted.
Our ongoing investigation found evidence that an unauthorized user had access to a portion of some of our customers’ information stored in our Salesforce instance, including subject lines and initial descriptions provided by our customers when opening a Tenable support case, and commonly available business contact information (such as names, business email addresses, phone numbers, and regional/location references). At this time we have no evidence that any of this information has been misused.
Tenable has robust controls in place and have taken immediate action to address this issue, including:
- Revoked and Rotated Credentials: Revoked and rotated all potentially compromised Salesforce, Drift and associated integrations (or systems) credentials.
- Secured Our Systems: Further hardened our Salesforce environment and other connected systems to reduce the likelihood of a future exploitation.
- Disabled and Removed the Application: Disabled and removed the Salesloft Drift application from our Salesforce instance and all applications that integrated with Salesloft.
- Actioned Indicators of Compromise: Applied known available indicators of compromise shared by Salesforce and leading cybersecurity experts.
- Maintained Continuous Monitoring: Ongoing monitoring of our Salesforce and other SaaS solutions utilizing our established SSPM technology for exposures and unusual activity.
The security and privacy of our customers’ data are critical to us, and we strongly recommend that our customers take the proactive steps recommended by Salesforce and leading cybersecurity experts, which can be viewed here.
At Tenable, we are committed to a transparent and thorough response to any security issue. Our team is working around the clock to safeguard our systems and our customers’ data, and will update as appropriate.
Need Assistance?
If you have concerns or need additional support, Tenable’s Support teams are available at [email protected].
Chief Security Officer, Head of Research and President of Tenable Public Sector
As Tenable’s Chief Security Officer, Head of Research and President of Tenable Public Sector, LLC, Robert Huber oversees the company's global security and research teams, working cross-functionally to reduce risk to the organization, its customers and the broader industry. He has more than 25 years of cyber security experience across the financial, defense, critical infrastructure and technology sectors. Prior to joining Tenable, Robert was a chief security and strategy officer at Eastwind Networks. He was previously co-founder and president of Critical Intelligence, an OT threat intelligence and solutions provider, which cyber threat intelligence leader iSIGHT Partners acquired in 2015. He also served as a member of the Lockheed Martin CIRT, an OT security researcher at Idaho National Laboratory and was a chief security architect for JP Morgan Chase. Robert is a board member and advisor to several security startups and served in the U.S. Air Force and Air National Guard for more than 22 years. Before retiring in 2021, he provided offensive and defensive cyber capabilities supporting the National Security Agency (NSA), United States Cyber Command and state missions.
Cybersecurity news you can use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
Tenable Vulnerability Management
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.
Tenable Vulnerability Management
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose your subscription option:
Thank You
Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.
Tenable Vulnerability Management
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.
Tenable Vulnerability Management
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose your subscription option:
Thank you
Thank you for your interest in Tenable.io. A representative will be in touch soon.
Tenable Vulnerability Management
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.
Tenable Vulnerability Management
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose your subscription option:
Thank you
Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.
Try Tenable Web App Scanning
Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.
Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management.
Buy Tenable Web App Scanning
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Request a demo of Tenable Security Center
Please fill out this form with your contact information.
A sales representative will contact you shortly to schedule a demo.
* Field is required
Request a demo of Tenable OT Security
Get the Operational Technology security you need.
Reduce the risk you don’t.
Request a demo
Don’t wait for an attack--eliminate risks before they’re exploited.
- Uncover hidden weaknesses
- Stop threats before they strike
- Simplify security
- Secure hybrid environments
Request a demo of Tenable Cloud Security
Exceptional unified cloud security awaits you!
We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.
See
Tenable One
in action
Exposure management for the modern attack surface.
Get started with Tenable AI Exposure
See Tenable Attack Surface Management in action
Know the exposure of every asset on any platform.
Get a demo of Tenable Enclave Security
Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.
Thank You
Thank you for your interest in Tenable Enclave Security. A representative will be in touch soon.
Try Tenable Nessus Professional free
Tenable Nessus is the most comprehensive vulnerability scanner on the market today.
NEW - Tenable Nessus Expert
now available
Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.
Fill out the form below to continue with a Nessus Pro trial.
Buy Tenable Nessus Professional
Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.
Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.
Try Tenable Nessus Expert free
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Buy Tenable Nessus Expert
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements
Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.
Get a demo of Tenable Patch Management
Interested in streamlining security and IT collaboration and shortening the mean time to remediate with automation? Try Tenable Patch Management.
文章来源: https://www.tenable.com/blog/tenable-response-to-salesforce-and-salesloft-drift-incident
如有侵权请联系:admin#unsafe.sh