Salesforce has announced that it is currently investigating a breach that has affected “certain customers’ Salesforce data.” The breach is believed to have been facilitated through apps developed by Gainsight, a company that provides a platform for businesses to manage their customer interactions.
According to a statement released by Salesforce on Wednesday, the breach involves “Gainsight-published applications connected to Salesforce, which are installed and managed directly by customers.” The investigation is ongoing, with Salesforce stating that there is no evidence to suggest that the breach stemmed from a vulnerability within the Salesforce platform itself. Instead, the breach appears to be linked to Gainsight’s external connection to Salesforce.
In response to inquiries, Salesforce spokesperson Nicole Aranda directed individuals to the company’s dedicated page addressing the incident. Meanwhile, Gainsight has acknowledged on its status page that it is investigating a “Salesforce connection issue,” without explicitly mentioning a breach. The company has said that its internal investigation is underway.
Gainsight boasts a number of prominent corporate clients, including Airtable, Notion, and GitLab. Following the breach, GitLab’s security team is actively investigating the situation and will provide updates as necessary.
The hacking group ShinyHunters has claimed responsibility for the breach, stating that they will create a new website to advertise the stolen data if Salesforce does not negotiate with them. This type of extortion tactic is commonly employed by cybercriminals seeking financial gain. The hackers have reportedly accessed data from nearly a thousand companies.
This breach mirrors a similar incident in August involving Salesloft, a marketing chatbot company, where hackers gained access to customers’ connected Salesforce instances. The victims included a range of high-profile companies, such as Allianz Life, Google, and TransUnion. The hackers behind the Salesloft breach have also been linked to the recent Gainsight breach.
Gainsight has confirmed its involvement in the Salesloft-related breaches from last month, but it remains unclear whether the current wave of hacks is connected to the previous incident. The situation is evolving, and both Salesforce and Gainsight are working diligently to address the breach and mitigate any potential damage.
