ShinyHunters Hack Salesforce Instances Via Gainsight Apps

Salesforce Revoked Gainsight Authentication Tokens Akshaya Asokan (asokan_akshaya) • November 20, 2025

Customer relationship management giant Salesforce is again notifying customers that hackers may be stealing their data through a third-party app. The San Francisco company late Wednesday disclosed that apps published by Gainsight connected to Salesforce instances may have "enabled unauthorized access."

See Also: Thwarting Cyberthreats in the Power Sector

Gainsight is a customer data management tool. The firm did not respond to a request seeking information on the number of impacted customers but said online it is working with Salesforce and investigating the incident. Salesforce said it revoked the Gainsight app access tokens and temporarily removed the publisher's software from its AppExchange cloud marketplace.

Austin Larsen, a principal threat analyst at Google Mandiant, attributed the hacking to ShinyHunters, a hacking group whose activities overlap with a group the company tracks as UNC6395.

ShinyHunters ...