Salesforce has launched an investigation into a spate of customer data theft incidents following a breach at a third-party application provider.
In a statement on Thursday 20 November, the CRM giant revealed it had revoked access and refresh tokens for Gainsight-published applications as part of its response to the breach.
Gainsight is a software as a service (SaaS) provider specializing in customer success and product experience, available to Salesforce customers via the company’s App Exchange platform.
“Salesforce has identified unusual activity involving Gainsight-published applications connected to Salesforce, which are installed and managed directly by customers,” the company said in an advisory.
Salesforce noted that a preliminary investigation suggests the breach could have enabled “unauthorized access to certain customers’ Salesforce data” through Gainsight connections.
“Upon detecting the activity, Salesforce revoked all active access and refresh tokens associated with Gainsight-published applications connected to Salesforce and temporarily removed those applications from the AppExchange while our investigation continues,” the advisory added.
Exact details on the scope of the incident and those affected are yet to be revealed. However, Salesforce confirmed that affected customers have been notified.
Gainsight the latest third-party incident for Salesforce
The Gainsight incident marks the latest third-party application breach for Salesforce in recent months.
Earlier this year, the Salesloft Drift attack impacted hundreds of companies including Google, Zscaler, Cloudflare, and Palo Alto Networks.
Hackers gained access to sensitive customer data through compromised OAuth tokens associated with the third-party application.
Brian Soby, CTO and co-founder at AppOmni, said the scale of Gainsight integrations means this latest incident could have equally wide-reaching implications for an array of businesses.
“Gainsight is widely deployed and tightly connected to Salesforce, Slack, Google, Microsoft, and numerous other SaaS environments,” he said. “Because of that footprint, customers now have to quickly identify every location where Gainsight was integrated.”
Soby added that the Gainsight incident once again highlights “persistent weaknesses” in SaaS supply chain security practices.
“The attack closely mirrors the earlier Drift breach, which also targeted Salesforce, Google Workspace, and other widely used SaaS platforms,” he told ITPro.
“The scale of the Gainsight compromise underscores that many organizations did not apply the lessons they should have learned from Drift, leaving large portions of their SaaS supply chain exposed.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
