Close Menu

Salesforce Flags Unauthorized Access Through Gainsight OAuth

Staff WriterBy No Comments2 Mins Read5 Views

Summary Points

  1. Unauthorized Access Detected: Salesforce identified unusual activity related to Gainsight applications that may have allowed unauthorized access to customer data.

  2. Immediate Actions Taken: Salesforce revoked access tokens and temporarily removed Gainsight applications from its platform while conducting an investigation.

  3. Threat Actor Involvement: The incident is linked to the ShinyHunters group, known for targeting third-party SaaS integrations, affecting nearly 1,000 organizations previously.

  4. Security Recommendations: Organizations are urged to review third-party applications linked to Salesforce, revoke suspicious tokens, and rotate credentials to mitigate risks.

Unauthorized Access Detection

Salesforce has reported unusual activity linked to applications from Gainsight. The company warned that this activity could allow unauthorized access to customer data. Therefore, Salesforce revoked all access and refresh tokens for Gainsight applications. Additionally, it temporarily removed these applications from its AppExchange while conducting a thorough investigation. Although Salesforce did not specify how many customers were affected, it has notified those potentially impacted.

Notably, Salesforce clarified that it found no vulnerabilities in its platform. The suspicious activity appears to stem from the external connection between Gainsight and Salesforce. Consequently, Gainsight has also temporarily pulled its app from the HubSpot Marketplace to reassess its security. Thus far, no suspicious activity related to HubSpot has been observed.

Emerging Threat Landscape

Experts categorize this incident as part of an emerging threat targeting Gainsight-related applications. Recent reports connect the activity to threat actors associated with the ShinyHunters group. This criminal organization previously executed similar attacks against other platforms, including Salesloft. Their operations have reportedly compromised data from nearly 1,000 organizations.

Moreover, Gainsight itself faced an earlier breach involving Salesloft. The attackers accessed sensitive business contact information, such as email addresses and phone numbers. Experts emphasize the growing trend of adversaries targeting OAuth tokens from trusted third-party integrations. Therefore, organizations are encouraged to review their connected applications carefully. They should revoke tokens for any suspicious or unused applications and rotate credentials to enhance security.

Expand Your Tech Knowledge

Stay informed on the revolutionary breakthroughs in Quantum Computing research.

Stay inspired by the vast knowledge available on Wikipedia.

DataProtection-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Comments are closed.