Salesforce says some of its customers’ data was accessed after Gainsight breach


Salesforce said on Wednesday that it’s investigating a breach of “certain customers’ Salesforce data” that was compromised through apps published by Gainsight, a company that sells a platform for other companies to manage their customers.

In an announcement published early Wednesday, Salesforce said the hacks impact “Gainsight-published applications connected to Salesforce, which are installed and managed directly by customers.”

Salesforce said that there is “no indication that this issue resulted from any vulnerability in the Salesforce platform,” and that the activity appears related to Gainsight’s “external connection to Salesforce.”

When reached for comment, Salesforce spokesperson Nicole Aranda referred TechCrunch to the company’s page dedicated to the incident.

Contact Us

Do you have more information about these Salesforce and Gainsight data breaches? Or other data breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.

As of this writing, Gainsight said in a status page that it is investigating a “Salesforce connection issue,” without making any mention of a potential breach. “Our internal investigation is ongoing,” Gainsight wrote.

A spokesperson for Gainsight did not immediately respond to TechCrunch’s request for comment.

On its website, Gainsight touts several corporate customers, including Airtable, Notion, GitLab, and others. When reached by email, GitLab spokesperson Emily James told TechCrunch that GitLab’s “security team is investigating and we’ll get back to you once we have more to share.”


The prolific hacking group ShinyHunters told cybersecurity news website DataBreaches.net that it was behind the breach, adding that if Salesforce doesn’t negotiate with them, they will create a new website to advertise the stolen data — a common extortion tactic by financially-motivated cybercriminals.

“The next [data leak site] will contain the data of the Salesloft and GainSight campaigns,” the hackers told DataBreaches.net. The hackers claim to have stolen data from close to a thousand companies.

This data breach appears similar to an August breach at AI marketing chatbot maker Salesloft, which allowed the hackers to break into a number of their customers’ connected Salesforce instances to steal sensitive data, such as access tokens for other services. The victims included insurance giant Allianz Life, Bugcrowd, Cloudflare, Google, fashion conglomerate Kering, Proofpoint, the airline Qantas, carmaker Stellantis, credit bureau TransUnion, the employee management platform Workday, and others.

In the case of the Salesloft breaches, the hacking group Scattered Lapsus$ Hunters, which apparently includes the ShinyHunters gang, claimed responsibility.

Last month, the hackers launched a dedicated website to extort the victims of the breaches, where they threatened to release a billion records.

At the time, Gainsight confirmed it was among the victims of the Salesloft-linked breaches, but it’s unclear if this new wave of hacks originated from its earlier compromise.
