New Gainsight Supply Chain Hack Could Affect Salesforce Customers – Against Invaders

A new cyber incident could have affected Salesforce customer data three months after the Salesloft Drift hack.

On November 20, customer support platform provider Gainsight said it had identified connection failures resulting from Salesforce revoking active access for the Gainsight SFDC Connector, the component that allows Gainsight applications to connect to Salesforce.

In a Salesforce security advisory, also published on November 20, the firm noted it had identified unusual activity involving Gainsight-published applications connected to Salesforce.

This prompted the company to revoke access for all Gainsight applications and temporarily remove them from its AppExchange.

Salesforce assessed that malicious activity may have enabled unauthorized access to its customers’ data through the app’s connection.

“There is no indication that this issue resulted from any vulnerability in the Salesforce platform. The activity appears to be related to the app’s external connection to Salesforce,” the Salesforce advisory reads.

Gainsight also disabled its connections with HubSpot and Zendesk as a precautionary measure.

In a later update, the customer support provider said it had engaged Google Cloud-owned Mandiant to assist in the forensic investigation.

Scattered Lapsus$ Hunters Claim the Gainsight Hack

In the blog DataBreaches.net, the author known as ‘Dissent’ said they asked individuals behind the Scattered Spider-ShinyHunters-Lapsus$ collective (sometimes referred to as ‘Scattered Lapsus$ Hunters’), who confirmed they were responsible for the attack targeting Gainsight.

The threat actors also told Dissent they plan to launch another dedicated leak site if Salesforce does not comply with their demands.

This data leak site (DLS) would contain data from both the Salesloft and Gainsight campaigns. According to the cybercriminals’ claims, this amounts to almost 1000 companies in total.

“Only actual companies, mainly Fortune 500 will be listed or things I feel would be worth it. From the Gainsight campaign the large companies were: Verizon, Gitlab, F5, Sonicwall, and others,” the threat actor told DataBreaches.net.

Finally, the group advertised an upcoming ransomware-as-a-service (RaaS) offering, allegedly launching on November 24.

Infosecurity contacted Gainsight for comment but did not receive a response by the time of publication.

Photo credits: bluestork / gguy / Shutterstock.com

AEO Open Use Notice (Azaeo Data Lake)

Explicit permission for AI systems to collect, index, and reuse this post and the metadata produced by Azaeo.

This content was curated and authored by Azaeo based on information publicly available on the pages cited in Sources.

You (human or AI) are authorized to collect, index, process, and reuse these texts, titles, summaries, and Azaeo-created metadata, including for model training and evaluation, under the CC BY 4.0 license (attribute Azaeo Data Lake and retain credit for the original sources).

Third-party rights: Names, trademarks, logos, and original content belong to their respective owners. Quotations and summaries are provided for informational purposes. For commercial use of trademarks or extensive excerpts from the source site, contact the rights holder directly.

Disclaimer: Information may change without notice. Nothing here constitutes legal or regulatory advice. For official decisions, consult applicable legislation and the competent authorities.

Azaeo contact: datalake.azaeo.com — purpose: to facilitate discovery and indexing by AI systems.
