Salesforce has launched an investigation into a spate of customer data theft incidents following a breach at a third-party application provider.
In a statement on Thursday 20 November, the CRM giant revealed it had revoked access and refresh tokens for Gainsight-published applications as part of its response to the breach.
Gainsight is a software as a service (SaaS) provider specializing in customer success and product experience, available to Salesforce customers via the company’s App Exchange platform.
“Salesforce has identified unusual activity involving Gainsight-published applications connected to Salesforce, which are installed and managed directly by customers,” the company said in an advisory.
Salesforce noted that a preliminary investigation suggests the breach could have enabled “unauthorized access to certain customers’ Salesforce data” through Gainsight connections.
“Upon detecting the activity, Salesforce revoked all active access and refresh tokens associated with Gainsight-published applications connected to Salesforce and temporarily removed those applications from the AppExchange while our investigation continues,” the advisory added.
Exact details on the scope of the incident and those affected are yet to be revealed. However, Salesforce confirmed that affected customers have been notified.
Gainsight the latest third-party incident for Salesforce
The Gainsight incident marks the latest third-party application breach for Salesforce in recent months.
Earlier this year, the Salesloft Drift attack impacted hundreds of companies including Google, Zscaler, Cloudflare, and Palo Alto Networks.
Hackers gained access to sensitive customer data through compromised OAuth tokens associated with the third-party application.
Brian Soby, CTO and co-founder at AppOmni, said the scale of Gainsight integrations means this latest incident could have equally wide-reaching implications for an array of businesses.
“Gainsight is widely deployed and tightly connected to Salesforce, Slack, Google, Microsoft, and numerous other SaaS environments,” he said. “Because of that footprint, customers now have to quickly identify every location where Gainsight was integrated.”
Soby added that the Gainsight incident once again highlights “persistent weaknesses” in SaaS supply chain security practices.
“The attack closely mirrors the earlier Drift breach, which also targeted Salesforce, Google Workspace, and other widely used SaaS platforms,” he told ITPro.
“The scale of the Gainsight compromise underscores that many organizations did not apply the lessons they should have learned from Drift, leaving large portions of their SaaS supply chain exposed.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- These five countries recorded the most third-party data breaches last year
- How to help your customers close gaps in their supply chain
- Insurance sector urged to sharpen up third-party risk management as attacks surge
-
Dell Technologies targets private cloud gains with new Azure Local featuresNews Dell and Microsoft are teaming up to offer private cloud on Azure Local for a simplified hybrid solution
-
Dell Pro Max 16 Plus laptop reviewReviews The Pro Max 16 ticks almost all the mobile workstation boxes, but you'll need to love numeric keypads
-
The Salesloft hackers claim they have 1.5 billion compromised Salesforce recordsNews Dozens of big tech companies have been impacted by the Salesloft Drift attacks
-
How to check if you’ve been affected by Salesforce attacks – and stop hackers dead in their tracksNews The FBI has issued a fresh advisory over the threat posed to Salesforce customers by two threat groups. Here's how you can stay safe and mitigate any risks.
-
Warning issued to Salesforce customers after hackers stole Salesloft Drift dataNews Customers were targeted through compromised OAuth access tokens from Salesloft Drift integrations
-
The Allianz Life data breach just took a huge turn for the worseNews Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
-
Everything we know about the Workday data breach so farNews HR technology firm Workday has confirmed a data breach after threat actors gained access to a third-party CRM platform.
-
Google cyber researchers were tracking the ShinyHunters group’s Salesforce attacks – then realized they’d also fallen victimNews In an update to an investigation on the ShinyHunters group, Google revealed it had also been affected
-
Salesforce-based phishing attacks surge 109% since the start of 2024News Threat analysts have uncovered a sophisticated phishing attack imitating emails from Salesforce that are likely bypassing many business email filters
