Salesforce has revoked tokens related to Gainsight applications amid a new wave of data theft targeting customer data, with the investigation ongoing. This incident resembles previous attacks involving stolen OAuth tokens from Salesloft, affecting multiple major organizations. #Salesforce #Gainsight #ShinyHunters #Salesloft #OAuthTokens
Key points
- Salesforce revoked tokens connected to Gainsight applications following suspicious activity.
- The security breach does not involve a vulnerability in Salesforce's CRM platform itself.
- Attackers accessed customer contact details, support cases, and licensing information.
- This incident is similar to the August 2025 Salesloft breach involving the ShinyHunters group.
- Multiple organizations, including Google and Cloudflare, were affected by the previous breach.