
Incident Overview
Salesforce is currently investigating a data breach that has potentially compromised customer information through applications developed by Gainsight, a notable provider of customer relationship management tools. In a statement, Salesforce indicated that the breach involved “Gainsight-published applications connected to Salesforce, which are directly installed and managed by the users.” This raises significant concerns for businesses relying on these applications, given the nature of the compromised data.
Salesforce Denies Platform Vulnerability
Salesforce has asserted that there is no evidence that the breach resulted from any inherent vulnerability in its platform. The company has indicated that the situation seems to stem from Gainsight’s “external connection to Salesforce.” Meanwhile, Gainsight acknowledged on its status page that there were “Salesforce connection issues,” although it did not confirm that a breach was involved.
ShinyHunters Claims Responsibility
A notorious hacking group known as ShinyHunters has claimed responsibility for the incident, as reported by the cybersecurity news outlet DataBreaches. The group has threatened to publish additional stolen data unless its demands are met, a tactic typical of financially motivated cybercriminals. The hackers allege they have compromised data from nearly 1,000 organizations during this breach.
Comparison to Previous Breach
This breach shares similarities with a previous incident involving Salesloft, which occurred in August. In that case, hackers accessed various customers’ Salesforce instances, stealing sensitive data including access tokens for other services. Prominent victims included Allianz Life, Bugcrowd, Cloudflare, Google, and others. The resemblance raises concerns about the security of applications connected to Salesforce.