Salesforce Investigates Customer Data Theft Tied to Gainsight App Breach
Salesforce is looking into a security incident after the company discovered unusual activity that involved apps published by Gainsight, a customer-success software company that integrates directly with Salesforce’s environments. The company said that hackers might have obtained unauthorized access to some customers’ data from third-party apps.
Salesforce pointed out on Thursday in an advisory that the event was not the result of a vulnerability or other flaw in Salesforce’s platform. According to the company’s early findings, it looks like the hack relates to compromised external connections established when customers installed Gainsight-published apps from Salesforce’s AppExchange marketplace and approved those connections.
The company has revoked all active access and refresh tokens associated with Gainsight-published apps and moved those apps offline from AppExchange. Affected customers were notified directly. Those who need more assistance can call the Salesforce Help team.
Connections To Previous Large-Scale OAuth Attacks
While Salesforce did not share specifics of affected customers or how many were affected, the attacks are consistent with a similar exploit in August at Salesloft, when the startup was hacked by the ShinyHunters group using stolen OAuth tokens and breached hundreds of Salesforce instances.
The group has now reportedly gained access to another 285 Salesforce
Connect for more updates and more blogs.
0 Comments
If you have any suggestions then please let me know shubhamdarbar60@gmail.com