Salesforce investigates possible unauthorized access from Gainsight apps

Salesforce is investigating unusual activity from Gainsight apps. Unauthorized data access may have occurred.


Salesforce is currently investigating unusual activity from Gainsight applications. The apps may have gained unauthorized access to customer data.

Salesforce reports this on its website. “Salesforce has identified unusual activity related to applications published by Gainsight, which are connected to Salesforce and are installed and managed by customers themselves. Our investigations indicate that this activity may have enabled unauthorized access to certain customers' Salesforce data through the app's connection,” the company writes.

Salesforce has published a warning notice on its website.


After discovering this activity, Salesforce revoked all active access. Salesforce has also initiated the renewal of the tokens that the Gainsight-published apps connected to Salesforce use to gain access. Furthermore, the company has temporarily removed the apps from AppExchange for the duration of the investigations.

Salesforce points out that there are no indications that the problem stems from vulnerabilities in the Salesforce platform. The activities appear to originate from the external connections of the apps to Salesforce.


The company intends to directly contact customers for whom it has observed unusual activity. Salesforce also intends to keep them informed.

In the summer, cybercriminals used voice phishing to persuade employees of renowned companies either to hand over access credentials for their Salesforce instances directly or to install malicious apps from AppExchange. Through these, they then stole sensitive data on a large scale and blackmailed the affected companies with it. The list of companies included Adidas, Asics, Cartier, Chanel, Cisco, Disney/Hulu, FedEx, Fujifilm, Google Adsense, HBO Max, Home Depot, IKEA, KFC, Marriott, McDonald's, Puma, Toyota, Stellantis, and UPS, as well as some airlines.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.