On Friday, August 22, Rubrik was notified by Salesforce that they had detected unusual activity with the third-party Drift application published by Salesloft, suggesting potential unauthorized access to Rubrik’s Salesforce instance.
We have no evidence that this supply chain incident involved Rubrik’s software code, products, the data secured by those products on behalf of our customer or Rubrik’s internal network.
Upon detection, Salesforce reportedly disabled all instances of the Drift software on Wednesday, August 20 to contain the incident. The Drift application was also removed from the Salesforce AppExchange. Out of an abundance of caution, Rubrik also disabled the Drift application and the connection to the Salesforce instance.
After receiving notice, Rubrik promptly activated our incident response protocols, and engaged leading third-party cybersecurity experts to support our internal investigation.
While our investigation is ongoing, we have discovered evidence that certain information stored in Rubrik’s Salesforce instance was accessed by an unauthorized user leveraging illegitimate access to the Drift application.
In the event that we uncover evidence of unauthorized access to sensitive information from Rubrik’s Salesforce instance, we will notify any impacted individuals and organizations to the extent necessary as part of our commitments to them and in accordance with applicable laws and regulations.
We are committed to transparency and providing relevant updates to our impacted community.