Salesforce Confirms New Breach Linked to Gainsight Apps
techrepublic.com
Salesforce is probing unusual activity in Gainsight apps that may have exposed customer data, while ShinyHunters claims a new OAuth-based attack.

Another day, another third-party scare in the Salesforce ecosystem.
Salesforce confirmed that it is investigating “unusual activity involving Gainsight-published applications connected to Salesforce,” according to a security advisory posted on its status page. The company said its investigation indicates the activity “may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection.”
To contain the threat, Salesforce immediately revoked all active access and refresh tokens tied to Gainsight applications and temporarily pulled those apps from the AppExchange. The company stressed that there is “no indication that this issue resulted from any vulnerability in the Salesforce platform,” adding that the suspicious activity appears to be linked to “the app’s external connection to Salesforce.”
Impacted customers have been notified directly ...

