Ethical Hacking News
Salesforce has alerted its users to potential data exposure via Gainsight OAuth apps due to unusual activity detected in these integrations. The company has revoked all affected app tokens and removed them from AppExchange while conducting an investigation. This incident highlights the ongoing threat of cyberattacks and the importance of robust security measures.
Salesforce alerted its users to potential data exposure via Gainsight OAuth apps on November 21, 2025. The activity is believed to be related to the app's external connection to Salesforce. Salesforce revoked all Gainsight app tokens and pulled the apps from AppExchange to protect customers' data. The issue was not caused by a vulnerability in Salesforce's platform, but rather by the misuse of the Gainsight OAuth app's connection. ShinyHunters, a group known for targeting major companies, is believed to be behind the attack and has claimed responsibility for the breaches.
Salesforce, a leading cloud-based customer relationship management (CRM) platform, has alerted its users to potential data exposure via Gainsight OAuth apps. The notification, issued on November 21, 2025, was prompted by the discovery of unusual activity involving Gainsight-published applications connected to Salesforce.
According to the company, this activity may have enabled unauthorized access to certain customers' Salesforce data through the app's external connection. Salesforce confirmed that no platform flaw was found in this incident; the activity appears to be related to the app's external connection to Salesforce.
The company revoked all Gainsight app tokens and pulled the apps from AppExchange after detecting suspicious external activity. This move aims to protect its customers' data and prevent any potential security breaches.
In a statement, Salesforce emphasized that the issue was not caused by any vulnerability in their platform but rather by the misuse of the Gainsight OAuth app's connection. The company has taken proactive measures to mitigate this risk and ensure the safety of its users' data.
Gainsight, an analytics platform provider, also issued a statement regarding the incident. Although it is unclear whether the current breach connects to the earlier Salesloft Drift attack that compromised business contact data tied to Salesforce content, Gainsight has confirmed that it was among the affected customers in that previous incident.
The attackers behind this campaign are believed to be ShinyHunters, a group known for targeting major companies and organizations. DataBreaches.Net reported that ShinyHunters has claimed responsibility for both waves of attacks, in which data was stolen from nearly 1,000 organizations.
In an interview with DataBreaches.Net, a spokesperson for ShinyHunters stated that the group plans to launch another dedicated leak site if Salesforce does not comply with its demands. This threat highlights the escalating nature of cyberattacks and the importance of vigilance in protecting sensitive information.
The incident serves as a reminder of the ongoing struggle against cyber threats and the need for organizations to maintain robust security measures. As the landscape of cybersecurity continues to evolve, companies must stay vigilant and adapt their strategies to counter emerging risks.
Published: Fri Nov 21 04:39:48 2025 by llama3.2 3B Q4_K_M