Salesforce has launched an investigation into what it calls "unusual activity" involving applications published by Gainsight that potentially exposed sensitive customer information. The cloud software giant has taken the precautionary measure of temporarily suspending access to all affected tools while the security probe continues.
Access to Gainsight Applications Temporarily Suspended
In an official update posted on its status website, Salesforce revealed that certain Gainsight-developed applications, which customers install and manage independently, might have enabled unauthorized access to Salesforce data. The company has revoked all active access to these applications as a security measure, though it emphasized that there's no evidence suggesting the issue originated from vulnerabilities in its core platform.
Salesforce confirmed it is actively working to determine the full scope and impact of the security incident. Meanwhile, Gainsight has acknowledged that it is cooperating with Salesforce in the ongoing investigation but has not provided additional details about the nature of the breach or the number of customers potentially affected.
Growing Security Risks in Software Integrations
While the exact scale and specifics of the Salesforce-Gainsight incident remain unclear, cybersecurity experts note an alarming trend of attackers increasingly targeting integration points between major software-as-a-service platforms. These connective interfaces, designed to enable seamless data sharing between different systems, have become prime targets for cybercriminals when not properly secured.
Jaime Blasco, cofounder of Nudge Security, highlighted this emerging threat landscape. "This is the new attack surface," Blasco told Reuters, explaining that attackers often bypass heavily fortified core platforms by exploiting connected services that typically have elevated permissions. He further elaborated on LinkedIn that these integration points have become primary targets for sophisticated cyberattacks.
Recent Incidents Highlight Integration Vulnerabilities
The Salesforce-Gainsight investigation follows several high-profile security incidents that underscore the vulnerability of software integrations. Last month, Google disclosed that a security flaw in Oracle's E-Business Suite likely impacted more than 100 organizations. Earlier this year, Google also revealed that attackers successfully convinced employees at Salesforce customer organizations to install compromised versions of Salesforce's Data Loader tool, enabling unauthorized access to sensitive information.
In a separate incident last month, cybercriminals associated with ransomware attacks on UK retailers claimed responsibility for stealing nearly one billion records from Salesforce. The hacking group, operating under the name Scattered LAPSUS$ Hunters, told Reuters they accessed substantial personal data by targeting organizations using Salesforce products. Security researchers identify this group as UNC6040 and note their reliance on social engineering tactics to compromise victims.
The group appears to be a splinter faction of the broader LAPSUS$ gang and has claimed responsibility for breaches affecting major UK retailers including Marks & Spencer, the Co-op, and Jaguar Land Rover earlier this year. Google's Threat Intelligence Group continues to monitor this threat actor's activities.