Gainsight CEO downplays breach, says only a 'handful' of customers had data stolen

Gainsight CEO Chuck Ganapathi downplayed the victim count related to his company's recent breach, saying he's only aware of "a handful of customers" who had their data affected after Salesforce flagged unusual activity involving Gainsight's connected app.

This contradicts what Google Threat Intelligence Group principal analyst Austin Larsen told The Register last week: "GTIG is aware of more than 200 potentially affected Salesforce instances." Larsen also said ShinyHunters was "likely" behind the digital intrusion, which the extortion crew later confirmed to The Register.

Google's Mandiant incident response team is assisting with the forensic investigation related to the breach.

Salesforce first disclosed the suspicious activity on November 19, and in response, revoked all access and refresh tokens associated with Gainsight-published applications connected to the CRM giant. 

In a Tuesday update and subsequent blog post by Ganapathi, the company said its forensic analysis continues and its Salesforce integration ...