Salesforce Says Customer Data Possibly Exposed Following Incident
Salesforce revoked tokens and removed Gainsight apps after detecting unauthorized access linked to third-party connections, with past breaches affecting up to 1.5 billion records, researchers say.
- On Thursday, Salesforce revoked all active access and refresh tokens for Gainsight-published apps and removed them from the AppExchange, with spokesperson Allen Tsai saying "There is no indication that this issue resulted from any vulnerability in the Salesforce platform".
- A prior Salesloft-linked breach exposed OAuth tokens, and Gainsight confirmed it was breached via stolen OAuth tokens tied to Salesloft's Drift, exposing contact and support data.
- Google Threat Intelligence Group observed threat actors tied to ShinyHunters compromising OAuth tokens, while Salesforce notified impacted customers and referred them to Salesforce Help, Larsen said Thursday.
- ShinyHunters claimed access to another 285 Salesforce instances, while prior Salesloft attacks affected around 760 companies and 1.5 billion records; last month, hackers launched an extortion website threatening to release a billion records.
- Security guidance urged firms to audit their SaaS environments, to investigate and revoke tokens for unused or suspicious Gainsight-published applications, and to rotate credentials when anomalies are found.
11 Articles
Salesforce says customer data possibly exposed following incident
(Corrects name of cybersecurity expert cited in paragraph 7) By Raphael Satter. WASHINGTON: Salesforce said Thursday it is investigating “unusual activity” involving Gainsight-published applications that may have exposed customer data. In a brief statement published to its status portal, Salesf
Hundreds of Salesforce customers hit by yet another third-party vendor breach
Salesforce said yet another breach involving a third-party vendor has compromised customers’ data, warning in a security advisory late Wednesday that it detected unusual activity in Gainsight applications connected to Salesforce customer environments. “Google Threat Intelligence Group is aware of more than 200 potentially affected Salesforce instances,” Austin Larsen, principal analyst at GTIG, told CyberScoop. The breach shares strong similari…
Coverage Details
Bias Distribution
- 100% of the sources are Center






