Salesforce Data Breach: Gainsight Incident Impacts Customers

Salesforce Investigates Data Breach Affecting Customer Data

Salesforce announced on Wednesday that it is currently investigating a security incident involving a breach of data belonging to a subset of its customers.

Breach Originates from Gainsight Applications

The compromise reportedly stems from applications published by Gainsight, a company specializing in customer success management platforms. These applications are directly installed and managed by the affected customers.

Salesforce has stated that initial findings indicate no vulnerabilities within the Salesforce platform itself contributed to this issue.

Investigation Status and Initial Responses

The company believes the incident is linked to Gainsight’s external connections to the Salesforce ecosystem. A Salesforce spokesperson, Nicole Aranda, directed inquiries to the company’s dedicated incident page.

As of the current time, Gainsight acknowledges a “Salesforce connection issue” on its status page, but has not yet publicly addressed a potential data breach.

A request for comment sent to a Gainsight spokesperson has not yet received a response.

Affected Companies and Potential Victims

Gainsight lists numerous prominent corporations as clients on its website, including Airtable, Notion, GitLab, and others.

GitLab has confirmed that its security team is actively investigating the situation and will provide updates as they become available.

Extortion Claims by ShinyHunters

The hacking group ShinyHunters has claimed responsibility for the breach, according to cybersecurity news source DataBreaches.net.

They have threatened to publish the stolen data on a new website if Salesforce does not engage in negotiations – a typical tactic employed by financially motivated cybercriminals.

The hackers allege to have obtained data from approximately one thousand companies.

Similarities to the Salesloft Breach

This incident bears resemblance to a breach that occurred in August at Salesloft, an AI marketing chatbot developer.

That breach allowed unauthorized access to connected Salesforce instances belonging to Salesloft’s customers, resulting in the theft of sensitive information, including access tokens.

Notable victims of the Salesloft breach included Allianz Life, Bugcrowd, Cloudflare, Google, Kering, Proofpoint, Qantas, Stellantis, TransUnion, and Workday.

Previous Involvement of Scattered Lapsus$ Hunters

The Salesloft breaches were attributed to the hacking group Scattered Lapsus$ Hunters, which reportedly includes members of ShinyHunters.

Last month, the group launched a website to extort victims of the Salesloft breaches, threatening to release a billion records.

Connection to Prior Compromises

Gainsight previously confirmed being affected by the breaches linked to Salesloft, however, it remains unclear whether this new incident is a continuation of that earlier compromise.