Salesforce told customers Friday (Nov. 21) that it detected unusual activity involving applications published by Gainsight and installed and managed directly by customers.

“Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection,” the company said in a help article published Friday.

Salesforce disabled the connection between Gainsight-published applications and Salesforce on Thursday (Nov. 20), meaning customers will not be able to connect those applications until further notice, according to the article.

The company will continue to monitor the threat and will share updates and resources for customers through the help article, it said.

“There is no indication that this issue resulted from any vulnerability in the Salesforce platform,” the company said in the article. “The activity appears to be related to the app’s external connection to Salesforce.”

Gainsight said Thursday on its status page that it was investigating reports of Salesforce connection failures, and it later said that the connection failures resulted from Salesforce revoking active access to the Gainsight SFDC Connector.

In subsequent updates, Gainsight said it was actively investigating the issue and monitoring the situation, and that it would continue to provide updates as information became available.

On Friday at 19:15 UTC, Gainsight provided an update that linked to the Salesforce help article about unusual activity related to Gainsight-published applications.

“We continue to work closely with Salesforce as part of the ongoing investigation,” Gainsight said in the update. “Gainsight-published applications remain disconnected from Salesforce at this time. We will provide further updates as additional information becomes available.”

Telecommunications company Verizon reported in May that 30% of data breaches that occurred during the year ended Oct. 31, 2024, involved third parties such as suppliers, vendors, hosting partners and outsourced IT support providers. That percentage was up from 15% the previous year, the company said.

“While, to some extent, software vendors have long played a part in unintentionally increasing the attack surface for those who use their products and services, over the last two to three years, it has moved from the occasional (and typically minor to moderate) mishap to a much more widespread and insidious problem that can (and sometimes does) have a devastating effect on enterprises,” Verizon said at the time in a press release.

It was reported in September that cybersecurity experts expected the number of attacks on companies’ third-party suppliers to increase this year.