The company’s investigation revealed that this suspicious activity resulted in unauthorized access to specific customer data stored in Salesforce environments.
Upon discovery, Salesforce took immediate action to contain the incident.
The affected applications were installed and managed directly by customers, exposing organizations that had deployed these third-party tools within their Salesforce instances.
This breach highlights the significant security risks posed by third-party application integrations on enterprise cloud platforms, demonstrating how supply chain vulnerabilities can compromise customer data even when core infrastructure remains secure.
Once Salesforce detected the suspicious activity, the company responded with swift containment measures.
All active access tokens and refresh tokens associated with Gainsight-published applications connected to Salesforce were immediately revoked, effectively terminating the unauthorized actors’ ability to maintain persistent access to customer environments.
Additionally, Salesforce temporarily removed Gainsight-published applications from the AppExchange marketplace while the investigation continues.
This precautionary measure prevents new customers from installing potentially compromised applications during the security review period.
Salesforce emphasized that the breach did not result from any vulnerability within the Salesforce platform itself, but rather stemmed from compromised external connections between the applications and Salesforce.
The breach demonstrates how external threat actors can exploit third-party integrations to access enterprise data.
Salesforce has directly notified known affected customers about the incident and remains committed to providing continued updates as the investigation progresses.
Organizations that rely on integrated applications must carefully monitor their third-party dependencies and implement robust security measures.
| Aspect | Details |
|---|---|
| Affected Component | Gainsight-published applications on Salesforce AppExchange |
| Vulnerability Type | Compromised third-party application integration |
| Access Vector | Unauthorized access via application tokens |
| Impact | Unauthorized access to customer data in Salesforce environments |
| Severity | High |
| Mitigation | Token revocation, application removal from marketplace |
| Status | Contained, investigation ongoing |
Enterprise customers are advised to maintain an inventory of installed third-party applications, regularly audit their access permissions, and implement monitoring for unusual authentication activities.
Organizations should establish processes for rapid token revocation during security incidents to minimize the window of exposure for potential unauthorized access.
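One way to combine the inventory, permission audit, monitoring and revocation steps recommended above, as an added example that is not from Salesforce, Gainsight or the original article. The record fields, app names, publishers and IP addresses are constructed assumptions, not a real export format.

```python
from collections import defaultdict

# Constructed sample export of OAuth tokens held by installed third-party apps.
# Field names, app names and IPs (RFC 5737 ranges) are assumptions for illustration.
TOKENS = [
    {"id": "tok-1", "app": "Vendor CS Connector", "publisher": "ExampleVendor",
     "user": "integration@corp.example", "scopes": {"api", "refresh_token"}, "ip": "198.51.100.10"},
    {"id": "tok-2", "app": "Vendor CS Connector", "publisher": "ExampleVendor",
     "user": "integration@corp.example", "scopes": {"api", "refresh_token"}, "ip": "203.0.113.77"},
    {"id": "tok-3", "app": "Docs Sync", "publisher": "OtherVendor",
     "user": "admin@corp.example", "scopes": {"full", "refresh_token"}, "ip": "198.51.100.20"},
]

# Baseline the organization maintains per app: approved scopes and expected vendor egress IPs.
BASELINE = {
    "Vendor CS Connector": {"scopes": {"api", "refresh_token"}, "ips": {"198.51.100.10"}},
    "Docs Sync": {"scopes": {"api", "refresh_token"}, "ips": {"198.51.100.20"}},
}

def inventory(tokens):
    """Group installed apps by publisher so exposure can be scoped quickly."""
    apps = defaultdict(set)
    for t in tokens:
        apps[t["publisher"]].add(t["app"])
    return dict(apps)

def audit(tokens, baseline):
    """Return (token id, finding) pairs for scope creep and unexpected source IPs."""
    findings = []
    for t in tokens:
        expected = baseline.get(t["app"])
        if expected is None:
            findings.append((t["id"], "app not in inventory baseline"))
            continue
        extra = t["scopes"] - expected["scopes"]
        if extra:
            findings.append((t["id"], "excess scopes: " + ",".join(sorted(extra))))
        if t["ip"] not in expected["ips"]:
            findings.append((t["id"], "unexpected source IP " + t["ip"]))
    return findings

def revocation_list(tokens, publisher):
    """Every token id issued to a publisher's apps, for bulk revocation in an incident."""
    return sorted(t["id"] for t in tokens if t["publisher"] == publisher)

if __name__ == "__main__":
    for finding in audit(TOKENS, BASELINE):
        print(finding)
    print("revoke:", revocation_list(TOKENS, "ExampleVendor"))
```

The revocation list is scoped by publisher rather than by individual finding, matching the containment described in the article, where every token tied to the affected publisher was revoked.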
The post Salesforce Confirms Customers’ Data Was Accessed Following the Gainsight Breach appeared first on Cyber Security News.