- Pro
- Security
Effects of the Salesloft breach are still being felt
Comments (0) ()When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
(Image credit: Thapana Onphalai via Getty Images)
- Gainsight apps enabled unauthorized Salesforce data access, prompting token revocation and AppExchange removal
- Incident linked to August 2025 Salesloft breach, where OAuth tokens exposed 1.5 billion records
- ShinyHunters used stolen secrets to steal Gainsight customer contact and licensing data
The Salesloft Drift incident seems to have trickled downstream into Gainsight, resulting in hundreds more organizations potentially losing their sensitive data to hackers.
Salesforce has confirmed it saw “unusual activity” involving Gainsight-published applications connected to Salesforce.
- Amazon Black Friday deals are live: here are our picks!
Salesforce says that some of these apps “may have enabled unauthorized access to certain customers’ Salesforce data”, which forced it to revoke all active access and refresh token associated with Gainsight-published applications connected to Salesforce. Furthermore, it temporarily removed the apps from its AppExchange.
You may like-
Google warns Salesloft Drift attack may have compromised Workspace accounts and Salesforce instances
-
Hackers claim they stole 1.5 billion Salesforce records from hundreds of companies in major hack - but are they telling the truth?
-
Hackers claim to have stolen over a billion Salesforce records - and are demanding nearly $1 billion not to leak them
ShinyHunters claim responsibility
“There is no indication that this issue resulted from any vulnerability in the Salesforce platform,” the announcement reads. “The activity appears to be related to the app’s external connection to Salesforce. We have notified known affected customers directly and will continue to provide updates as appropriate.”
Gainsight is a company building a “customer success” platform through which businesses can manage and improve their post-sales relationships with customers (such as onboarding, adoption, retention, or renewal).
The company also builds different apps and integrations, some of which run natively inside Salesforce, while others connect through APIs.
At the same time, BleepingComputer claims the incident is actually a continuation of the August 2025 Salesloft breach.
Are you a pro? Subscribe to our newsletterContact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.This saw a group of criminals known as "Scattered Lapsus$ Hunters" stole OAuth tokens Salesloft used for its Drift AI chat integration with Salesforce, which gave them direct API access to customers’ Salesforce data.
Using the stolen tokens, they accessed around 760 Salesforce instances, and exfiltrated 1.5 billion records, including passwords, AWS keys, and Snowflake tokens.
Now, a member of that same group, ShinyHunters, told the publication they broke into Gainsight by using secrets stolen in the Salesloft incident.
Gainsight also confirmed that attack, and said the miscreants took business contact details such as names, business email addresses, phone numbers, regional/location details, licensing information, and support case contents.
The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
TOPICS Salesforce Sead FadilpašićSocial Links NavigationSead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
Logout Read more
Google warns Salesloft Drift attack may have compromised Workspace accounts and Salesforce instances
Hackers claim they stole 1.5 billion Salesforce records from hundreds of companies in major hack - but are they telling the truth?
Hackers claim to have stolen over a billion Salesforce records - and are demanding nearly $1 billion not to leak them
Palo Alto Networks becomes the latest to confirm it was hit by Salesloft Drift attack
Zscaler says it suffered data breach following Salesloft Drift compromise
Even Cloudflare isn't safe from Salesloft Drift data breaches
Latest in Security
AI agents are fuelling an identity and security crisis for organizations
Gaming and gambling giant IGT reportedly hit by ransomware - here's what we know
China’s PlushDaemon group uses EdgeStepper implant to infect network devices with SlowStepper malware in global supply-chain attacks
Perplexity's Comet AI browser may have some concerning security flaws which could let hacker hijack your device
WordPress plugin with over a million installs may have a worrying security flaw - here's what we know
Fortinet admits it found another worrying zero-day being exploited in attacks
Latest in News
Fitbit's new AI tool wants to take the stress out of your next doctor's visit
How to watch The Ashes 2025-26 highlights on BBC iPlayer — it's *FREE*
'Full Screen Experience' is now coming to all Windows 11 handhelds
Apple might not block Google's clever new AirDrop trick for 3 key reasons
Global cloud wars see AWS increasingly under threat from Microsoft and Google
Upgrading tech could help UK businesses offset time lost on sick leave
LATEST ARTICLES- 1Only one VPN is truly equipped for torrenters, and right now it's 75% off
- 2ChatGPT enters the group chat globally
- 3Fitbit's new AI tool wants to take the stress out of your next doctor's visit
- 4Verizon is laying off over 13,000 workers
- 5Nioh 3’s hectic style switching combat and rewarding exploration have made it my most anticipated game of early 2026
