Hey, did you hear? Well known cybersecurity vendor Tenable, announced this week that it had a data breach involving customer contact details. This happened because hackers accessed Tenable's Salesforce application - the vendor uses Salesforce for support and managing customer cases. This attack is part of a wider attack actively targeting Salesforce integrations and different applications, including Salesloft and Drift.
• Customers' Names – Full name of customer(s).
• Business Email Address(es) – Email used for work.
• Phone Numbers – Phone number associated with his/her account.
• Support Case insights – Information customers provided and shared when opening support tickets.
The good news? No passwords, payment information nor sensitive files, were taken. So your accounts and money are safe… for the moment.
Essentially, they gained access to OAuth tokens, which are basically the keys to customer data found in Salesforce. Once they were able to gain access to those tokens they were able to see the exposed data.
What Is Tenable Doing About It?
Tenable is taking action quickly. Here is what they did:
• Changed all credentials – They reset any login credentials that could have been impacted.
• Secured their environments – They bolstered their Salesforce security and removed the Salesloft Drift application.
• Investigating and updating customers – They are investigating everything they possibly can, and keeping all customers updated transparently.
What Should Customers Do?
Here's what I would do if I were a Tenable customer:
• Take notice of your accounts – Check emails and phone messages for odd things.
• Be aware of phishing – Do not click or provide info to anyone requesting none.
• Contact Tenable Support – You can not go very wrong by contacting Tenable Support if you are not sure or concerned.
Anyway, it can never hurt to be a bit cautious—stay safe!
What Information Was Exposed?
Here's what the hackers accessed:• Customers' Names – Full name of customer(s).
• Business Email Address(es) – Email used for work.
• Phone Numbers – Phone number associated with his/her account.
• Support Case insights – Information customers provided and shared when opening support tickets.
The good news? No passwords, payment information nor sensitive files, were taken. So your accounts and money are safe… for the moment.
How Did This Happen?
The hackers exploited a supply chain attack. They took advantage of flaws in the integration between Salesforce and Salesloft Drift.Essentially, they gained access to OAuth tokens, which are basically the keys to customer data found in Salesforce. Once they were able to gain access to those tokens they were able to see the exposed data.
What Is Tenable Doing About It?
Tenable is taking action quickly. Here is what they did:
• Changed all credentials – They reset any login credentials that could have been impacted.
• Secured their environments – They bolstered their Salesforce security and removed the Salesloft Drift application.
• Investigating and updating customers – They are investigating everything they possibly can, and keeping all customers updated transparently.
What Should Customers Do?
Here's what I would do if I were a Tenable customer:
• Take notice of your accounts – Check emails and phone messages for odd things.
• Be aware of phishing – Do not click or provide info to anyone requesting none.
• Contact Tenable Support – You can not go very wrong by contacting Tenable Support if you are not sure or concerned.
Conclusion
While there is some solace in the fact that no particularly sensitive data was compromised, this breach serves as a reminder that third-party applications entail risk. Tenable acted quickly, which is good, but it emphasizes that users should always remain vigilant and ensure that security is never weakened.Anyway, it can never hurt to be a bit cautious—stay safe!
