The Record reports:
Cloud giant Salesforce warned customers of a potential data breach on Wednesday evening after discovering “unusual activity” related to a third-party application called Gainsight.
Salesforce posted a message on its website saying an investigation revealed that the activity “may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection.”
Gainsight is a platform built to help customers track sales data and customer information. Salesforce said once the activity was detected, it “revoked all active access and refresh tokens associated with Gainsight-published applications connected to Salesforce and temporarily removed those applications from the AppExchange” while the investigation continues.
“There is no indication that this issue resulted from any vulnerability in the Salesforce platform. The activity appears to be related to the app’s external connection to Salesforce,” the company said. “We have notified known affected customers directly and will continue to provide updates as appropriate.”
Read more at The Record.
Yesterday, Bleeping Computer reported that ShinyHunters claimed they gained access to another 285 Salesforce instances after breaching Gainsight via secrets stolen in the Salesloft drift breach. The threat actors also told DataBreaches.net that they planned to launch another leak site if Saleforce doesn’t comply with them.
“The next DLS will contain the data of the Salesloft and GainSight campaigns, which is, in total, almost 1000 organisations,” they stated.
