Ethical Hacking News
Salesforce has disclosed another third-party breach linked to ShinyHunters, compromising hundreds of its customers' data. The incident highlights the ongoing battle against sophisticated cybersecurity threats and underscores the importance of regular security audits in protecting sensitive information.
Salesforce disclosed another third-party breach linked to ShinyHunters, a notorious threat actor group. The breach involves Gainsight-published applications connected to Salesforce's platform, which may have enabled unauthorized access to customers' data. Hundreds of users may have had their data compromised due to this third-party breach. The incident appears related to the app's external connection to Salesforce and not a vulnerability in Salesforce's own platform. Google's Mandiant incident response team is urging companies to audit their SaaS environments and rotate credentials for unused or suspicious applications.
Salesforce, one of the world's leading customer relationship management (CRM) software providers, has disclosed another third-party breach. The company, which has a massive user base across various industries, revealed that suspicious activity on its platform may be linked to ShinyHunters, a notorious threat actor group. This latest incident follows previous breaches involving the same suspect group.
In a security advisory published late Wednesday, Salesforce revealed that the breach involves Gainsight-published applications connected to its platform, which are installed and managed directly by customers. The suspicious activity may have enabled unauthorized access to certain customers' Salesforce data through the app's connection.
The investigation into this incident is ongoing, with Salesforce revoking all active access and refresh tokens associated with Gainsight-published applications connected to its platform. Additionally, these applications have been temporarily removed from the AppExchange while further investigation continues.
Salesforce has not disclosed the exact number of potentially affected customers, but it is acknowledged that hundreds of users may have had their data compromised in this third-party breach. The company says there is no indication that the issue resulted from a vulnerability in its own platform; instead, it appears to be related to the app's external connection to Salesforce.
Google's Threat Intelligence Group (GTIG) has attributed the activity to ShinyHunters, a group known for carrying out similar attacks in previous incidents. GTIG principal analyst Austin Larsen stated that their team has observed threat actors tied to ShinyHunters compromising third-party OAuth tokens to potentially gain unauthorized access to Salesforce customer instances.
In light of this incident, Google's Mandiant incident response team is working with Salesforce to notify potentially affected organizations and urging all companies to "view this as a signal to audit their SaaS environments," including conducting regular reviews of all third-party applications connected to their Salesforce instances. Companies are advised to investigate and revoke tokens for unused or suspicious applications and rotate the credentials immediately upon detecting any anomalous activity.
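The review of connected applications recommended above can be run as a script over an inventory of OAuth tokens. The following is an added example, not code from Salesforce, Google or the original article; the export columns, app names, allowlist and 90-day threshold are all assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export of OAuth tokens held by connected apps.
# Column names and every value below are assumptions made for this example.
SAMPLE_EXPORT = """app_name,user,last_used,use_count
Vendor Sync,alice@example.com,2025-11-18,412
Vendor Sync,bob@example.com,2025-03-02,7
Old Reporting Tool,carol@example.com,,0
Unknown Connector,dave@example.com,2025-11-19,93
"""

APPROVED_APPS = {"Vendor Sync", "Old Reporting Tool"}  # hypothetical allowlist
STALE_AFTER = timedelta(days=90)                        # assumed policy threshold


def audit_tokens(export_text, now, approved=APPROVED_APPS, stale_after=STALE_AFTER):
    """Return (app, user, action, reason) for every token that needs attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        app, user = row["app_name"].strip(), row["user"].strip()
        last_used = row["last_used"].strip()
        if app not in approved:
            # Unrecognised integration: suspicious even when it is actively used.
            findings.append((app, user, "investigate", "app not on approved list"))
        elif not last_used or int(row["use_count"] or 0) == 0:
            findings.append((app, user, "revoke", "token never used"))
        elif now - datetime.strptime(last_used, "%Y-%m-%d") > stale_after:
            reason = f"unused for more than {stale_after.days} days"
            findings.append((app, user, "revoke", reason))
    return findings


def apps_needing_rotation(findings):
    """Apps with at least one finding; rotate their credentials after revoking."""
    return sorted({app for app, _, _, _ in findings})


if __name__ == "__main__":
    results = audit_tokens(SAMPLE_EXPORT, now=datetime(2025, 11, 20))
    for app, user, action, reason in results:
        print(f"{action.upper():12} {app:20} {user:22} {reason}")
    print("Rotate credentials for:", ", ".join(apps_needing_rotation(results)))
```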
This latest breach serves as another reminder of the importance of vigilance in protecting corporate data, particularly when dealing with third-party vendors that can sometimes pose security risks. As cybersecurity threats continue to evolve, companies must remain proactive in monitoring their SaaS environments to ensure the integrity of sensitive information.
The incident highlights the need for businesses to thoroughly assess and regularly update their security protocols against potential vulnerabilities. In an era where data breaches are increasingly common and sophisticated attacks are being carried out by well-organized threat actor groups like ShinyHunters, cybersecurity awareness has become a critical component of corporate risk management strategies.
Published: Thu Nov 20 16:07:31 2025 by llama3.2 3B Q4_K_M