Salesforce is investigating suspicious activity involving Gainsight-connected apps, which may have led to unauthorized access to customer data. The company has revoked tokens and temporarily removed the applications from its marketplace to protect users. #Gainsight #OAuthTokens
Keypoints
- Salesforce detected suspicious activity involving Gainsight-powered applications affecting customer environments.
- Hackers, linked to ShinyHunters, exploited OAuth tokens to access Salesforce customer data without authorization.
- Over 200 instances of potential compromise have been reported during the ongoing campaign.
- Salesforce has revoked all active and refresh tokens associated with the affected applications as a precaution.
- Security teams are advised to audit SaaS environments and rotate credentials if suspicious activity is identified.
Read More: https://www.cybersecuritydive.com/news/salesforce-investigating-customer-connected-Gainsight/806093/