Tenable, a leading cybersecurity firm, has officially confirmed a data breach in which hackers gained access to customer information within its Salesforce CRM environment. Exposed data includes business contact details such as customer names, email addresses, phone numbers, region and location metadata, as well as subject lines and initial descriptions from support case submissions. Importantly, Tenable said that its core products and proprietary data remained secure, and there is currently no evidence suggesting active misuse of the compromised information.
A Coordinated Attack via Third-Party Integration
The breach stems from a larger, sophisticated campaign exploiting a vulnerability in the integration between Salesforce and Salesloft Drift, an external marketing engagement platform. Threat actors used stolen OAuth authentication tokens to infiltrate Salesforce instances across multiple organizations. Tenable was one of several entities affected; others include Palo Alto Networks, Zscaler, Google, Cloudflare, Proofpoint, CyberArk, and more, each reporting unauthorized access to segments of their Salesforce data.
Rapid Response and Mitigation
Tenable responded quickly upon discovering the intrusion. The company revoked and rotated all potentially compromised credentials related to Salesforce, Salesloft Drift, and associated integrations. It then disabled and removed the Salesloft Drift application from its Salesforce instance, further hardened its environment, and applied Indicators of Compromise (IoCs) provided by Salesforce and cybersecurity experts. Additionally, Tenable has commenced continuous monitoring of its Salesforce and other SaaS tools to detect unusual activity or further risks. Customers have been urged to stay alert and adopt recommended security measures from Salesforce and leading security authorities.
This incident exposes critical security gaps in third-party integrations within major CRM platforms. It underscores the pressing need for organizations to implement rigorous access controls, regularly review third-party application permissions, and enforce robust monitoring to safeguard against future breaches.