Salesforce investigates data breach affecting customers through Gainsight apps
What's the story
Salesforce is probing a data breach that exposed certain customer information via apps developed by Gainsight, a company that offers a platform for businesses to manage their customer relationships. In an official notice, Salesforce said the incident involved "Gainsight-published applications connected to Salesforce, which are installed and managed directly by customers."
Investigation underway
Salesforce confirms no platform vulnerability
Salesforce has confirmed that there is "no indication that this issue resulted from any vulnerability in the Salesforce platform." The company believes the activity is related to Gainsight's "external connection to Salesforce." Gainsight, meanwhile, has acknowledged a "Salesforce connection issue" on its status page but hasn't mentioned anything about a possible breach.
Hacker group involvement
ShinyHunters claims responsibility for breach
The notorious hacking group ShinyHunters has claimed responsibility for the breach, according to the cybersecurity news website DataBreaches. They have threatened Salesforce with a new data leak site if their demands aren't met, a common tactic used by financially-motivated cybercriminals. The hackers say they have stolen data from nearly 1,000 companies in this incident.
Past incidents
Similarities with previous Salesloft breach
This data breach is similar to an August incident involving AI marketing chatbot maker Salesloft. Hackers were able to access several of their customers' connected Salesforce instances and steal sensitive data, including access tokens for other services. Victims included Allianz Life, Bugcrowd, Cloudflare, Google, Kering, Proofpoint, Qantas airline, Stellantis carmaker, TransUnion credit bureau, Workday, among others.