Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity

The Hacker News by The Hacker News
November 21, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Nov 21, 2025Ravie LakshmananData Breach / SaaS Security

Salesforce has warned of detected “unusual activity” related to Gainsight-published applications connected to the platform.

“Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection,” the company said in an advisory.

The cloud services firm said it has taken the step of revoking all active access and refresh tokens associated with Gainsight-published applications connected to Salesforce. It has also temporarily removed those applications from the AppExchange as its investigation continues.

Salesforce did not disclose how many customers were impacted by the incident, but said it has notified them.

DFIR Retainer Services

“There is no indication that this issue resulted from any vulnerability in the Salesforce platform,” the company added. “The activity appears to be related to the app’s external connection to Salesforce.”

Out of an abundance of caution, the Gainsight app has been temporarily pulled from the HubSpot Marketplace. “This may also impact Oauth access for customer connections while the review is taking place,” Gainsight said. “No suspicious activity related to Hubspot has been observed at this point.”

In a post shared on LinkedIn, Austin Larsen, principal threat analyst at Google Threat Intelligence Group (GTIG), described it as an “emerging campaign” targeting Gainsight-published applications connected to Salesforce.

The activity is assessed to be tied to threat actors associated with the ShinyHunters (aka UNC6240) group, mirroring a similar set of attacks targeting Salesloft Drift instances earlier this August.

According to DataBreaches.Net, ShinyHunters has confirmed the campaign is their doing and stated that the Salesloft and Gainsight attack waves allowed them to steal data from nearly 1000 organizations.

Interestingly, Gainsight previously said it was also one of the Salesloft Drift customers impacted in the previous attack. But it’s not clear at this stage if the earlier breach played a role in the current incident.

CIS Build Kits

In that hack, the attackers accessed business contact details for Salesforce-related content, including names, business email addresses, phone numbers, regional/location details, product licensing information, and support case contents (without attachments).

“Adversaries are increasingly targeting the OAuth tokens of trusted third-party SaaS integrations,” Larsen pointed out.

In light of the malicious activity, organizations are advised to review all third-party applications connected to Salesforce, revoke tokens for unused or suspicious applications, and rotate credentials if anomalies are flagged from an integration.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
INTAMSYS lanceert de FUNMAT PRO 310 APOLLO: Het herdefiniëren van continue productie met hoge snelheid, hoge-sterkte PAEK 3D-printen

INTAMSYS lanceert de FUNMAT PRO 310 APOLLO: Het herdefiniëren van continue productie met hoge snelheid, hoge-sterkte PAEK 3D-printen

Recommended.

Imposter scams cost older adults 0 million in 2024, FTC finds: Some victims are ‘clearing out’ their 401(k)s

Imposter scams cost older adults $700 million in 2024, FTC finds: Some victims are ‘clearing out’ their 401(k)s

August 8, 2025
How AI Could Help Combat Antibiotic Resistance

How AI Could Help Combat Antibiotic Resistance

April 29, 2026

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Anaconda Extends AI-Native Application Development With Acquisition

Anaconda Extends AI-Native Application Development With Acquisition

May 1, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026
AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

January 30, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio