In August, Salesforce instances were hit hard by cybercriminals. Hackers obtained customer data through an integration with the automation tool Salesloft. Now there has been another leak affecting Salesforce customers via a third party: Gainsight. Both parties are conducting investigations, with Google Mandiant among those involved.
Salesforce refers to “unusual activity related to Gainsight applications.” Initially, Gainsight appeared to be unaware of this when the tool’s connection to the Salesforce platform was severed, according to the status page. Later, Gainsight also disappeared from the Hubspot Marketplace and Zendesk. Google’s Mandiant security team has now been called in to conduct a forensic investigation. Gainsight confirms Salesforce’s claim that there is no Salesforce vulnerability.
Thousands of customers, unclear who is affected
Gainsight has over 1,000 customers, more than 200 of whom may have affected Salesforce instances. That is the finding of Google Threat Intelligence Group, as reported to CyberScoop. Salesloft Drift, the integration that caused problems in August, affected approximately 700 victims. Cloudflare, PagerDuty, Palo Alto Networks, and Zscaler were among those affected. This was a different leak than the wave of Salesforce data theft in the spring, which affected Adidas and Chanel , among others. Gainsight itself was also affected by the Salesloft leak.
It remains to be seen who exactly is affected by the new Gainsight leak. Salesforce has not disclosed when it became aware of the unusual activity, only that the company shut down the connector with Gainsight shortly thereafter as a precaution.
Customer retention
When Gainsight is working properly, it helps organizations retain their customers in the form of a “customer success platform.” Once connected to a CRM such as Salesforce, Gainsight can group customer data and assign a score. The idea is to provide timely warnings about customer churn and identify opportunities to expand the customer base or the package a customer purchases. Automation is possible via workflows and playbooks. Gainsight can be run within Salesforce as a tab and without an additional login screen.