Salesforce is investigating potential unauthorized access to customer data via the Gainsight platform, linked to the threat group Scattered LAPSUS$ Hunters. The incident is similar to a previous breach involving Salesloft Drift, affecting hundreds of organizations including Gainsight. #ScatteredLAPSUS$Hunters #SalesloftDrift
Keypoints
- Salesforce detected unusual activity involving Gainsight-connected applications.
- Unauthorized access may have occurred through the app’s external connection, not via Salesforce vulnerabilities.
- Scattered LAPSUS$ Hunters has claimed responsibility, affecting nearly 300 organizations so far.
- The incident resembles a previous breach involving the Salesloft Drift platform.
- Salesforce has revoked access tokens and removed the affected applications from the AppExchange for mitigation.