Salesforce Instances Hacked via Gainsight Integrations

The infamous ShinyHunters hackers have targeted customer-managed Gainsight-published applications to steal data from Salesforce instances.

The ShinyHunters hacking group has launched a new data theft campaign against Salesforce customers, exploiting Gainsight integrations to access their instances.

Immediately after discovering the incident, Salesforce revoked all active access and tokens associated with the Gainsight applications connected to its platform. It temporarily removed the applications from the platform while investigating the attack.

“Salesforce has identified unusual activity involving Gainsight-published applications connected to Salesforce, which are installed and managed directly by customers. Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection,” Salesforce said on Thursday morning.

Salesforce said it notified the affected customers directly, but did not share details on how many organizations might have been affected. In the meantime, access to Gainsight via Salesforce remains unavailable.

On Thursday evening, Gainsight revealed that ...