Salesloft Drift Supply Chain Incident: What You Need to Know

On September 6, 2025, Qualys disclosed its involvement in a broader Salesloft / Drift supply chain incident that impacted numerous organizations relying on Drift integrations for sales automation and CRM workflows.

What Happened? Attackers targeted OAuth tokens linked to Salesloft Drift, a third-party SaaS used to automate sales workflows and integrate with Salesforce. These stolen credentials granted limited access to Salesforce data, including some belonging to Qualys.

Qualys Response: Upon detection, Qualys acted swiftly:

• Disabled all Drift integrations with Salesforce.
• Contained potential unauthorized access.
• Initiated a full investigation in collaboration with Salesforce.
• Engaged Mandiant to support the response efforts.

Impact: No compromise to Qualys production environments, codebase, or customer data. All platforms remain fully operational.

This incident is a stark reminder of the risks inherent in third-party integrations and the importance of proactive incident response and transparency.

Kudos to Qualys for their rapid containment and clear communication. As supply chain attacks grow more sophisticated, cross-functional vigilance and vendor risk management are more critical than ever.

#CyberSecurity #SupplyChainSecurity #Salesloft #Drift #OAuth #IncidentResponse #Qualys #Salesforce #ThirdPartyRisk #SecurityLeadership