Salesforce says customer data possibly exposed following incident

Salesforce says customer data possibly exposed following incident

Salesforce said Thursday it is investigating “unusual activity” involving Gainsight-published applications that may have exposed customer data.

In a brief statement published to its status portal, Salesforce said the Gainsight-published applications, which are installed and managed by customers “may have enabled unauthorized access to certain customers' Salesforce data.”

Salesforce said in its message that it had temporarily “revoked all active access” to Gainsight's applications. In an email, the company noted that, “There is no indication that this issue resulted from any vulnerability in the Salesforce platform.”

Gainsight said on its website that “we continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications.” Gainsight didn't immediately return an email for further comment.

Although Reuters could not establish the scope or nature of the incident, hackers have repeatedly exploited the integrations between software-as-service companies like Salesforce and Gainsight to steal data.

Last month, Alphabet's Google said that the exploitation of a weakness at Oracle's E-Business Suite of applications had likely impacted more than 100 companies. In June, Google said hackers had tricked employees of Salesforce clients into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import files, and compromising their data.

Jaime Vasco, the cofounder of Nudge Security, said it was part of an emerging paradigm.

“Attackers don't need to breach the core platform when they can compromise an integration with privileged access,” he said in a post on LinkedIn. Speaking to Reuters, he said: “This is the new attack surface.”

Published - November 21, 2025 09:56 am IST

technology (general) / internet / Artificial Intelligence

Source: TheHindu
Related Posts: Hackers claim theft of 1 billion Salesforce records in UK retail attacks Salesforce CEO apologises for saying Trump should send troops to San Francisco Salesforce CEO hails Gemini 3 as a major breakthrough Over 2.5 billion Gmail users warned by Google after massive Salesforce data breach Salesforce tries to help ICE boost its immigration force Salesforce Layoffs Salesforce CEO Benioff apologises for saying Trump should send troops to San Francisco Salesforce blocks Gainsight tools while it investigates possible data leak US justice department investigating Minnesota Democrats over alleged obstruction of ICE ECB investigating Ben Duckett video amid allegations of drinking at Noosa