An update from Elastic on the Salesloft Drift security incident

On August 26, 2025, Salesloft Drift publicly disclosed a security incident impacting its platform. Shortly after, Google’s Threat Intelligence Group released an in-depth report detailing the threat actor’s activity. Although Elastic did not receive notification of impact, Elastic uses Drift for certain business applications, so we immediately initiated our incident response protocols to proactively assess any potential impact on Elastic systems and customer data.
Impact on Elastic and our customers
Our investigation confirmed that Elastic’s Salesforce environment was not impacted.
However, we did identify exposure of a single email account through the “Drift Email” integration that may have granted an unauthorized actor read-only access to emails received in that inbox.
After scanning the contents of this inbox, we identified a small number of inbound emails that included potentially valid credentials. For each of these cases where we identified a potential credential leak, we notified customers through existing support channels. If you did not receive notice from us, we did not identify you as an affected customer.
Our immediate actions
After learning of the Drift incident, our Information Security team took immediate action, including:
- Launching a comprehensive investigation: We reviewed access logs, network activity, and system configurations to determine whether any Elastic data had been exposed.
- Disabling Drift integrations: We immediately disabled Drift in our environment to eliminate any further risk.
- Monitoring open source intelligence: We continuously reviewed Indicators of Compromise (IOCs) from a variety of open source research to guide our investigation.
- Coordinating with vendors: We engaged Drift and other critical vendors’ security teams to gather additional logs or information to scope the nature of the incident within their environment and understand any impact to Elastic.
Our ongoing commitment to security
Elastic remains committed to transparency and to protecting our customers’ data.
While we recognize that the cyber threat landscape is dynamic and continuously evolving, the Elastic team is reassured by the outcome of our thorough investigation. We will continue to monitor new information related to the Drift event and maintain vigilance across our vendors. If we learn more about this event, we will update this blog.
If you have any questions or concerns, please contact our support team or your Elastic account representative. We are here to help you.