Salesforce Cuts Gainsight Links After Suspicious App Activity

Salesforce said it found odd activity tied to Gainsight apps that customers install and run. The company said this behavior may have let bad actors reach some customers’ Salesforce data through the apps’ connections.

“Salesforce has identified unusual activity involving Gainsight-published applications connected to Salesforce, which are installed and managed directly by customers. Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection,” reads the notification published by the company.

After spotting the activity, Salesforce took quick steps. It revoked all Gainsight app tokens and temporarily removed the related apps from the AppExchange. The firm said it did not find a flaw in the Salesforce platform itself and that the issue seems linked to how the apps connect to Salesforce from outside.

“Upon detecting the activity, Salesforce revoked all active access and refresh tokens associated with Gainsight-published applications connected to Salesforce and temporarily removed those applications from the AppExchange while our investigation continues,” continues the notification. “There is no indication that this issue resulted from any vulnerability in the Salesforce platform. The activity appears to be related to the app’s external connection to Salesforce.”

Salesforce has contacted customers who may be affected. Users who need help are advised to reach out to Salesforce Help for support.

Security researchers and reporting groups tied the recent campaign to the threat actor known as ShinyHunters. Google’s GTIG and DataBreaches.Net linked the incident to previous attacks that hit other vendors.

ShinyHunters reportedly confirmed responsibility as well. “Unfortunately, yes,” their spokesperson responded, clarifying that the group has targeted Salesforce multiple times. They also said the group plans to publish more stolen data and claimed a large haul across several campaigns. “The next DLS will contain the data of the Salesloft and GainSight campaigns,” they stated, “which is, in total, almost 1000 organisations.”

5 Comments

  • I wonder if Salesforce acted too hastily cutting ties with Gainsight. Maybe they should've investigated further before severing the connection.

  • Do you think Salesforce made the right call cutting ties with Gainsight? Suspicious app activity or just a cautious move? Let's discuss!

  • Wow, I can't believe Salesforce cut ties with Gainsight! Suspicious app activity? What's the tea on this drama?

  • Why cut ties with Gainsight? Suspicious activity or overreaction? 🤔 Let's discuss in the comments! #Salesforce #Gainsight

  • I can't believe Salesforce would just cut ties like that without investigating further. Seems a bit rash, don't you think?
