
Salesforce Data Breach Impacts Over 200 Companies Via Gainsight

A significant data breach has impacted over 200 companies using Salesforce, stemming from a vulnerability in apps published by Gainsight, a customer support platform provider. This supply chain attack highlights the increasing risks associa...

Salesforce says customer data possibly exposed following incident

Key Insights

  • Hackers, potentially linked to the Scattered Lapsus$ Hunters group, compromised OAuth tokens to gain unauthorized access to Salesforce customer instances.
  • Google Threat Intelligence Group (GTIG) identified over 200 potentially affected Salesforce instances. **Why this matters:** This widespread impact underscores the interconnectedness of SaaS ecosystems and the potential for a single vulnerability to expose numerous organizations.
  • Salesforce has revoked active access tokens for Gainsight-connected apps and temporarily removed the apps from its AppExchange marketplace.
  • Several companies, including Docusign, are taking precautionary measures such as terminating Gainsight integrations to contain related data flows.
  • Security experts recommend auditing SaaS environments and reviewing OAuth tokens for suspicious applications to mitigate potential risks.

In-Depth Analysis

The breach originated from an external connection in Gainsight's applications, not directly from a Salesforce platform vulnerability. The Scattered Lapsus$ Hunters group, known for social engineering tactics, claimed responsibility and intends to extort victims via a dedicated website, similar to previous incidents. This incident follows a previous hacking campaign targeting Salesloft Drift, where hackers stole authentication tokens to access linked Salesforce instances.

**How to Prepare:**

1. **Audit SaaS Environments:** Regularly review and audit all third-party SaaS integrations for potential vulnerabilities.
2. **Review OAuth Tokens:** Monitor OAuth tokens for unused or suspicious applications and rotate credentials immediately if unusual activity is detected.
3. **Implement Security Measures:** Consider terminating high-risk integrations as a precaution and ensure robust security protocols are in place for all connected applications.
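
The OAuth token review in step 2 can be scripted against an exported token inventory. The sketch below is an added example, not code from Salesforce, Gainsight or the source article. The CSV columns, app names, allowlist and thresholds are all assumptions made for illustration, and the sample rows are constructed.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample: one row per OAuth token, shaped like an export of a
# connected-app OAuth usage report. Column names and values are assumptions.
SAMPLE_EXPORT = """app_name,user,created,last_used,use_count
Approved CRM Sync,alice@example.com,2025-01-10,2025-11-18,4120
Approved CRM Sync,bob@example.com,2025-02-02,2025-06-01,37
Legacy Report Tool,carol@example.com,2023-05-14,,0
Unknown Data Loader,dave@example.com,2025-11-17,2025-11-19,2650
"""

APPROVED_APPS = {"Approved CRM Sync", "Legacy Report Tool"}  # hypothetical allowlist


def audit_tokens(export_text, approved, today, stale_days=90, new_days=7, burst_uses=1000):
    """Return (app, user, reasons) for every token that needs review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        created = date.fromisoformat(row["created"])
        last_used = date.fromisoformat(row["last_used"]) if row["last_used"] else None
        reasons = []
        if row["app_name"] not in approved:
            reasons.append("unapproved_app")
        # Never used, or idle past the threshold: standing access nobody needs.
        if last_used is None or today - last_used > timedelta(days=stale_days):
            reasons.append("unused")
        # Issued days ago with very high call volume: unusual activity to triage.
        if today - created <= timedelta(days=new_days) and int(row["use_count"]) >= burst_uses:
            reasons.append("new_token_heavy_use")
        if reasons:
            findings.append((row["app_name"], row["user"], reasons))
    return findings


def apps_to_review(findings):
    """Collapse per-token findings into a per-app set of reasons."""
    by_app = {}
    for app, _user, reasons in findings:
        by_app.setdefault(app, set()).update(reasons)
    return by_app


if __name__ == "__main__":
    report = apps_to_review(audit_tokens(SAMPLE_EXPORT, APPROVED_APPS, date(2025, 11, 20)))
    for app, reasons in report.items():
        print(f"{app}: {', '.join(sorted(reasons))}")
```

Tokens flagged as unused are candidates for revocation, while the other two flags call for a closer look at what the app accessed before credentials are rotated.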

**Who This Affects Most:**

This breach primarily affects companies that rely heavily on Salesforce and have integrated Gainsight applications into their workflows. Businesses handling sensitive customer data or intellectual property are at the highest risk.


FAQ

What is an OAuth token?

An OAuth token is a digital key that allows a third-party application to access a user's data on another service (like Salesforce) without requiring the user to share their login credentials.

How can I check for suspicious activity in my Salesforce environment?

Monitor user activity logs, review connected apps and their permissions, and look for any unusual data access patterns. Salesforce also provides security health checks to identify potential vulnerabilities.

Takeaways

  • This incident highlights the importance of supply chain security and the need for organizations to carefully vet and monitor their third-party integrations.
  • Regularly auditing SaaS environments and OAuth tokens can help detect and prevent unauthorized access.
  • Companies should have incident response plans in place to quickly address and mitigate the impact of potential data breaches.

Disclaimer

This article was compiled by Yanuki using publicly available data and trending information. The content may summarize or reference third-party sources that have not been independently verified. While we aim to provide timely and accurate insights, the information presented may be incomplete or outdated.
