Salesforce has reported another significant breach connected to a third-party vendor, Gainsight, which has compromised customer data. A security advisory from Salesforce revealed unusual activity in Gainsight applications integrated with Salesforce environments. The Google Threat Intelligence Group has reported awareness of more than 200 potentially impacted Salesforce instances, indicating a serious scale of the incident. This breach shares similarities with earlier attacks targeting the Salesloft Drift integration with Salesforce, impacting over 700 customers in a previous instance.
The threat group behind these attacks appears to be associated with known campaigns, raising concerns about the security of third-party integrations with Salesforce. Salesforce took precautionary measures by revoking access to tokens that enabled unauthorized access to customer data. While no vulnerabilities within Salesforce itself have been identified, the breach exposes the risks associated with external application connections. Gainsight, which has around 1,000 customers including major enterprises, has initiated its investigation into the matter and temporarily removed its app from other platforms as a precaution.
As the investigation continues, there is uncertainty regarding the full scope of the breach. Recent history shows that attackers linked to the previous Salesloft Drift incidents had gained undetected access to environments for extended periods. Gainsight has not disclosed how its access tokens may have been compromised, contributing to the lack of clarity around potential impacts on its customer base.
👉 Pročitaj original: CyberScoop
