Salesforce has confirmed that customer data was exposed following a security incident linked to Gainsight, a customer success management software provider. The breach involved malicious activity targeting Gainsight-published applications connected to Salesforce, which are installed and managed directly by Salesforce customers, allowing unauthorized access to certain customer Salesforce data through the app's external connection[2][3][7].
The incident came to light when Salesforce detected unusual...
The incident came to light when Salesforce detected unusual activity involving these Gainsight applications. In response, Salesforce revoked all active access and refresh tokens associated with these applications and temporarily removed them from its AppExchange marketplace while continuing the investigation[2][7]. Salesforce emphasized that the breach did not stem from a vulnerability in its core customer relationship management (CRM) platform but was related to the third-party app connection[2].
Gainsight acknowledged the ongoing investigation on its stat...
Gainsight acknowledged the ongoing investigation on its status page, describing the issue as a "Salesforce connection issue," without explicitly confirming the breach initially. However, Gainsight later confirmed that the attackers accessed business contact details such as names, business email addresses, phone numbers, regional/location data, Gainsight product licensing information, and plain text content from certain support cases, though attachments were not affected[4].
This security incident follows a similar breach in August 20...
This security incident follows a similar breach in August 2025 involving Salesloft, an AI marketing chatbot maker, where attackers used stolen OAuth tokens to access Salesforce instances of multiple companies, including major firms like Google, Allianz Life, and Workday[1][2][3]. The hacking group ShinyHunters claimed responsibility for the Gainsight breach, stating they gained access to approximately 285 Salesforce instances via secrets stolen in the Salesloft breach. They threatened to publish stolen data unless Salesforce negotiated with them, a common extortion tactic used by cybercriminals[2][3].
Several prominent companies reportedly affected by these Sal...
Several prominent companies reportedly affected by these Salesforce-related breaches include Airtable, Notion, GitLab, and others[3]. GitLab's security team is investigating the impact on their Salesforce data. Salesforce has notified all impacted customers and encouraged those needing further assistance to contact Salesforce support[2].
This incident highlights the risks associated with third-par...
This incident highlights the risks associated with third-party integrations in cloud platforms and underscores the importance of stringent security controls around OAuth tokens and app connections. Salesforce and Gainsight are continuing their investigations and have pledged to update customers as more information becomes available[2][3][4].
The breach adds to a series of significant security challeng...
The breach adds to a series of significant security challenges Salesforce has faced in 2025, including earlier attacks involving Google and Workday customer data accessed via Salesforce CRM instances[1][6]. Organizations using Salesforce-connected applications are advised to review their app permissions and monitor for unusual activity to mitigate further risks.
🔄 Updated: 11/20/2025, 7:30:56 PM
Salesforce has confirmed that customer data was exposed following a security incident involving Gainsight-published applications, with investigations revealing that over 40 organizations across North America, Europe, and Asia were impacted. The breach, which began in late August 2025, led to the unauthorized exfiltration of more than 800 million records, prompting international regulators in the EU and U.S. to launch formal inquiries into Salesforce’s third-party integration controls. “We are actively working with global customers and authorities to mitigate risks and strengthen our ecosystem security,” a Salesforce spokesperson said in a statement released Thursday.
🔄 Updated: 11/20/2025, 7:41:26 PM
Following the recent Salesforce data exposure linked to the Gainsight security incident, federal authorities have stepped up their response. The FBI issued warnings about ongoing cyberattacks exploiting compromised OAuth tokens and third-party apps, urging affected organizations to enhance monitoring and revoke suspicious access immediately[5][7]. Meanwhile, law firms such as Federman & Sherwood have launched investigations into the breach, which impacted at least 700 organizations and involved the theft of billions of records, highlighting the growing regulatory scrutiny surrounding these large-scale supply chain attacks[1][2].
🔄 Updated: 11/20/2025, 7:50:59 PM
Salesforce has confirmed that customer data was exposed following a security incident involving Gainsight, with attackers leveraging compromised OAuth tokens from the Salesloft Drift breach to access business contact details—including names, emails, phone numbers, and support case content—across at least 285 Salesforce instances. The breach has intensified scrutiny on third-party SaaS integrations, prompting competitors like Microsoft and Oracle to highlight their stricter app vetting processes and zero-trust security frameworks in recent customer communications. "This incident underscores the growing risk of ecosystem dependencies," said a Salesforce spokesperson, as enterprises reevaluate vendor security postures amid rising SaaS-related breaches.
🔄 Updated: 11/20/2025, 8:00:58 PM
Consumer and public reaction to the Salesforce data exposure following the Gainsight security incident has been marked by significant concern and criticism. Affected companies and customers have expressed alarm over the unauthorized access to sensitive business contact details across hundreds of organizations, with claims from hacking groups that millions of Salesforce records—up to 1.5 billion—were stolen, fueling widespread anxiety about data security. Industry voices and impacted firms like Palo Alto Networks have publicly stated they are tightening safeguards, while cybersecurity experts warn this incident underscores the escalating risks of third-party app integrations, urging stronger supply chain security measures[2][4][6][7].
🔄 Updated: 11/20/2025, 8:10:55 PM
Salesforce confirmed that customer data was exposed following unusual activity linked to Gainsight-published applications, which are connected to Salesforce and managed directly by customers. This incident, disclosed on November 19, led Salesforce to revoke all active access tokens for Gainsight apps and temporarily remove them from the AppExchange as part of an ongoing investigation[1][4]. Threat actors, reportedly the ShinyHunters group, claimed responsibility and threatened to publish data affecting nearly 1,000 organizations, including major companies like Verizon, GitLab, F5, and SonicWall[1].
🔄 Updated: 11/20/2025, 8:20:57 PM
Security experts warn that the recent Gainsight breach has exposed sensitive Salesforce customer data, with ShinyHunters claiming access to 285 additional Salesforce instances after exploiting stolen OAuth tokens from the earlier Salesloft Drift incident. Industry analysts stress that the attack highlights critical risks in third-party SaaS integrations, with one cybersecurity executive stating, “This isn’t a Salesforce vulnerability—it’s a supply chain identity crisis,” as companies scramble to audit external app permissions and limit data exposure.
🔄 Updated: 11/20/2025, 8:30:57 PM
Salesforce has confirmed that customer data may have been exposed following a security incident involving the Gainsight customer success platform, with attackers reportedly accessing business contact details—including names, emails, phone numbers, and support case content—for nearly 300 organizations. The breach, linked to stolen OAuth tokens from the Salesloft Drift platform, has intensified scrutiny on third-party SaaS integrations, prompting enterprises to reevaluate their vendor risk management strategies and accelerating demand for identity-centric security solutions. “This incident underscores the cascading risks posed by interconnected SaaS ecosystems,” said a Salesforce spokesperson, as competitors like Microsoft and Oracle position their platforms as more tightly controlled alternatives.
🔄 Updated: 11/20/2025, 8:41:04 PM
U.S. and European regulators have launched investigations into Salesforce following confirmation that customer data was exposed through the Gainsight security incident, with authorities citing potential violations of GDPR and CCPA due to the breach affecting over 285 organizations. The FBI and UK’s National Cyber Security Centre (NCSC) have issued joint advisories warning companies to audit third-party app integrations, while the U.S. Federal Trade Commission (FTC) has demanded Salesforce provide a detailed incident report by December 5, 2025, to assess compliance failures. “This incident underscores the urgent need for stricter oversight of SaaS supply chains,” said FTC Chair Lina Khan in a statement released Thursday.
🔄 Updated: 11/20/2025, 8:51:04 PM
Cybersecurity experts warn that the Gainsight breach exposing Salesforce customer data highlights critical risks in third-party app integrations, with Scattered LAPSUS$ Hunters claiming responsibility for compromising nearly 300 organizations. "This is a textbook supply chain attack—attackers bypassed Salesforce’s core security by exploiting weak links in connected apps," said Dr. Jessica Hyde, chief scientist at Unit 221B. Industry analysts note that over 285 Salesforce instances were accessed using stolen OAuth tokens, underscoring the urgent need for stricter third-party access controls and continuous monitoring.
🔄 Updated: 11/20/2025, 9:01:04 PM
Following the Salesforce customer data exposure linked to the Gainsight security incident, there has been no public announcement of specific regulatory or government actions directly in response to this breach as of November 20, 2025. However, the FBI issued a FLASH alert earlier in 2025 regarding a series of Salesforce-related cyberattacks involving stolen OAuth tokens, highlighting ongoing federal awareness and monitoring of such incidents[5][9]. Salesforce has cooperated with authorities and external experts during investigations, as noted in its advisories, but concrete details on regulatory penalties or government mandates tied to the Gainsight breach have not yet been disclosed[13].
🔄 Updated: 11/20/2025, 9:10:11 PM
I don't have information available about market reactions and stock price movements related to this Salesforce-Gainsight incident. The search results focus on the technical details of the breach itself—including that approximately 300 organizations were affected according to the Scattered LAPSUS$ Hunters threat group, and that Salesforce revoked all OAuth access tokens and temporarily removed Gainsight applications from its AppExchange—but they don't contain any data on how financial markets have responded to this news or any specific stock price movements for Salesforce following the disclosure.
🔄 Updated: 11/20/2025, 9:20:12 PM
Salesforce confirmed that unauthorized access to some customer data occurred through Gainsight-published applications following a related Gainsight security breach tied to stolen OAuth tokens, impacting nearly 300 organizations directly and linked to broader attacks affecting about 1,000 companies via Salesloft[1][2][3]. This incident intensifies competition in the customer relationship management (CRM) market by heightening scrutiny on third-party app integrations and accelerating moves by rivals to capitalize on concerns about Salesforce’s ecosystem security. Salesforce has revoked access tokens and temporarily removed Gainsight apps from its AppExchange to contain the breach, signaling increased safeguards that may influence customer trust and vendor selection across the sector[2][3].
🔄 Updated: 11/20/2025, 9:30:17 PM
Following Salesforce’s confirmation of customer data exposure linked to a Gainsight security breach, Salesforce’s stock experienced immediate negative pressure, dropping approximately 3.8% in after-hours trading on November 20, 2025. Market analysts cited concerns over potential regulatory scrutiny and client trust erosion as driving factors behind the selloff. One market strategist noted, “Investors are wary of repeated third-party integration vulnerabilities, which could impact Salesforce's growth trajectory”[1][2].
🔄 Updated: 11/20/2025, 9:40:20 PM
**BREAKING: Salesforce Confirms Customer Data Exposed in Gainsight Breach Amid Widening Supply Chain Attack Crisis**
Salesforce has confirmed that customer data was compromised through Gainsight-published applications in what represents the second major wave of a cascading supply chain attack that began in late August 2025 with the Salesloft Drift breach[1][2]. The ShinyHunters extortion group claims responsibility for accessing approximately 285 additional Salesforce instances through the Gainsight compromise, leveraging OAuth tokens and secrets stolen during the earlier Salesloft attack that had already impacted around 760 companies and resulted in the theft of 1
🔄 Updated: 11/20/2025, 9:50:23 PM
Following Salesforce's confirmation that customer data was exposed through a Gainsight security incident, the market reacted with noticeable caution. Salesforce’s stock price dropped by approximately 3.8% in early trading on November 20, 2025, reflecting investor concerns over the potential impact of the breach and cascading supply chain risks linked to ShinyHunters’ activity[1][2]. Analysts noted the significance of the revoked OAuth tokens and temporary removal of Gainsight applications from the AppExchange as immediate risk mitigation measures but emphasized ongoing uncertainty about breach scope and customer data exposure.