Elastic Salesloft Drift Security Incident \u2013 Hackers Accessed Email Account Contains Valid Credentials
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Elastic has disclosed a security incident stemming from a third-party breach at Salesloft Drift, which resulted in unauthorized access to an internal email account containing valid credentials. <\/p>\n
While the company\u2019s core Salesforce environment was not impacted, the incident exposed sensitive information contained within a limited number of emails.<\/p>\n
The chain of events began on August 26, 2025, when Salesloft Drift publicly disclosed a security incident affecting its platform. <\/p>\n
A subsequent in-depth report from Google\u2019s Threat Intelligence Group detailed the threat actor\u2019s activities related to the breach. <\/p>\n
As a customer using Drift for certain business applications, Elastic initiated its incident response protocols to investigate any potential impact proactively.<\/p>\n
Although Elastic was not directly notified of being affected, its security team<\/a> launched an immediate investigation to determine if any company or customer data was exposed.<\/p>\n Elastic\u2019s investigation confirmed that its Salesforce environment was not compromised. However, the team discovered that a single email account had been exposed through the \u201cDrift Email\u201d integration. <\/p>\n This exposure may have granted an unauthorized actor read-only access to emails received in that specific inbox. <\/p>\n After conducting a scan of the inbox\u2019s contents, security personnel identified a small number of inbound emails that included potentially valid credentials. <\/p>\n In response to this discovery, Elastic notified the customers who were potentially affected through existing support channels. <\/p>\n The company has stated that any customer who did not receive a direct notification was not identified as being impacted by this credential leak.<\/p>\n Immediately after learning of the Drift incident, Elastic\u2019s Information Security team took decisive action to contain the threat and assess the damage. <\/p>\n The team launched a comprehensive investigation, reviewing access logs, network activity, and system configurations to determine the extent of the data exposure. <\/p>\n A critical first step was to disable all Drift integrations within Elastic\u2019s environment, thereby eliminating any further risk from the compromised third-party platform. <\/p>\n Concurrently, the team monitored open-source intelligence for Indicators of Compromise (IOCs) and coordinated with Drift\u2019s security team to gather additional information. <\/p>\n Elastic has affirmed its commitment to transparency and protecting customer data, and its team continues to monitor for new information related to the event.<\/p>\n Confirmed victims of this supply chain attack include:<\/p>\n Find this Story Interesting! Follow us on Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>.<\/p>\n The post Elastic Salesloft Drift Security Incident \u2013 Hackers Accessed Email Account Contains Valid Credentials<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nScope Of The Impact<\/strong><\/h2>\n
\n