Google confirms over 200 client records compromised via Gainsight App, not direct platform flaw.
Google has officially confirmed that sensitive data belonging to over 200 corporate clients stored on the Salesforce platform has been compromised in a sophisticated cyber-attack.
The incident is being classified as a severe supply chain hack. Attackers did not exploit a direct vulnerability within Salesforce but instead gained access through a third-party application provided by Gainsight, a customer relationship management platform vendor.
Austin Larsen, a Senior Threat Analyst at the Google Threat Intelligence Group, stated that Google detected anomalies and verified that more than 200 Salesforce instances were affected.
This confirmation follows a statement from Salesforce last Thursday, which acknowledged a data compromise involving some customers via the Gainsight application. Salesforce strongly maintained that the breach was not due to a defect in its platform.
Hackers Name Major Firms; Victims Push Back
The hacker group responsible, calling themselves “Scattered Lapsus$ Hunters” (which includes members of the notorious ShinyHunters cyber gang), publicly claimed responsibility and named several multinational organisations allegedly affected, including Atlassian, CrowdStrike, Docusign, F5, GitLab, LinkedIn, Malwarebytes, SonicWall, Thomson Reuters, and Verizon.