Overview
- Salesforce says unusual activity tied to Gainsight‑published applications may have enabled unauthorized access to some customers’ Salesforce data.
- Upon detection, Salesforce revoked all active access and refresh tokens for the apps, temporarily removed them from the AppExchange, and opened an investigation.
- The company has notified affected customers and directed those needing assistance to the Salesforce Help team.
- Gainsight says it is investigating a “Salesforce connection issue,” with its internal probe ongoing and no new breach confirmation.
- The hacker group ShinyHunters claims broader access, including about 285 Salesforce instances, a claim not verified by Salesforce or Gainsight, as researchers note links to earlier Salesloft token thefts and Google’s GTIG cites ShinyHunters’ involvement with Mandiant helping outreach.