Tenable Confirms Data Breach Linked to Salesforce-Salesloft Drift Attack

Cybersecurity company Tenable has confirmed a data breach that exposed some of its customers’ contact details and support case information. The incident is part of a larger supply chain attack targeting the integration between Salesforce and the Salesloft Drift marketing app, which has also affected several other major organizations.

What Happened

Tenable revealed that an unauthorized user gained access to a portion of customer data stored in its Salesforce system. The information exposed included:

• Customer names, business email addresses, and phone numbers

• Regional details linked to accounts

• Subject lines and short descriptions from customer support cases

The company stressed that its core products and customer data within them remain safe, and so far, there is no evidence the stolen information has been misused.

A Wider Campaign

This was not an isolated attack. Security experts have been tracking a sophisticated data theft campaign exploiting the Salesforce–Salesloft Drift integration. Attackers have used this pathway to steal data from multiple companies’ Salesforce platforms.

Other confirmed victims include:

• Palo Alto Networks, which reported the exposure of sales and contact data.

• Zscaler, which confirmed access to customer information and some support case details.

• Google, which said a “very small number” of Workspace accounts were accessed.

• Cloudflare, where customer data was stolen from its Salesforce instance.

• PagerDuty, which reported unauthorized access to Salesforce-stored data.

Tenable’s Response

As soon as the breach was discovered, Tenable took several actions to protect its systems and customers:

• Revoked and rotated all potentially compromised credentials

• Disabled and removed the Salesloft Drift app from Salesforce

• Strengthened its Salesforce environment and related systems

• Applied threat indicators shared by Salesforce and cybersecurity experts

• Increased monitoring of Salesforce and other SaaS applications

The company also urged its customers to remain cautious and follow the security steps recommended by Salesforce and industry experts.

Why It Matters

This breach highlights the risks tied to third-party integrations within widely used business platforms. While Tenable’s core services remain unaffected, the incident raises fresh concerns about how attackers can exploit supply chain connections to target multiple organizations at once.