Software intelligence giant Dynatrace has admitted that customer data was swept up in one of the year’s biggest supply-chain hacks.
Software intelligence giant Dynatrace has joined the growing list of companies affected by the recent security incident involving Salesloft Drift, a popular AI-powered marketing chatbot that companies use to engage customers.
Headquartered in the US and Austria, Dynatrace provides an application performance management (APM) platform that monitors IT infrastructure. The company’s clients are governments, airlines, and financial institutions, including Air Canada, the Australian Government, TD Bank, Virgin Money, BT Group, and it boasts €1.51 billion in annual revenue.
The company confirmed that it was among those affected and that customers' business contact data was exposed.
“A cyberattack on Salesloft’s Drift application resulted in unauthorized access to Salesforce CRM data from companies using the third-party app. Like many companies, Dynatrace was among those affected by the Salesloft incident," the company wrote.
Customers’ first and last names and company identifiers are among the affected data. Dynatrace reports that it has disabled Drift in its environment. An investigation showed that the breach was limited solely to Salesforce, the company's CRM platform, which it uses for customer management and marketing purposes.
“No Dynatrace products or services, including any systems containing customer data or any services that directly interface with customer systems, were affected,” said the company in a statement.
Devastating chain attack
The snowball effect started when hackers abused Salesloft’s Drift application integrations with Salesforce and other platforms to access sensitive customer data on Salesforce CRM.
Cloudflare, Zscaler, Palo Alto Networks, Google, Allianz Life, TransUnion, Farmers Insurance, Air France, KLM, and many other companies have recently announced data breaches resulting from compromised Salesforce or third-party instances. Salesloft announced that it has taken Drift temporarily offline.
An alliance of three hacking groups named “Scattered LapSus$ Hunters” consisting of ShinyHunters, LAPSUS$, and Scattered Spider gangs has claimed the cyberattacks. The gangs faced multiple arrests in the past.
Your email address will not be published. Required fields are markedmarked