Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity

Salesforce has identified and responded to unusual activity involving Gainsight-published applications, which may have led to unauthorized access to customer data. The company is actively investigating, revoking tokens, and removing the apps from the AppExchange, while assuring customers that no platform vulnerabilities were exploited.

Key points

  • Salesforce detected suspicious activity linked to Gainsight applications connected to its platform.
  • The company revoked all active tokens and temporarily removed the apps from the AppExchange.
  • The incident is believed to involve threat actors associated with the ShinyHunters group.
  • Nearly 1,000 organizations’ data may have been compromised during the attack campaign.
  • Organizations are advised to review third-party app connections, revoke suspicious tokens, and rotate credentials.

Read More: https://thehackernews.com/2025/11/salesforce-flags-unauthorized-data.html