Threat Intelligence, Data Security, Breach

Gainsight compromise facilitated by Salesloft Drift hack, alleges ShinyHunters

Data Leaks

Threat operation ShinyHunters asserts having compromised software firm Gainsight nearly three months ago following the sweeping Salesloft Drift breach earlier this year, reports The Register.

Over 200 organizations using Salesforce were reported by the Google Threat Intelligence Group to have been potentially impacted by the breach of Gainsight-connected apps, which ShinyHunters claims to have stemmed from Salesloft's GitHub account.

"The data from Salesloft Drift breached has enabled entry points into so many systems. Very lucrative systems. I do not like Salesforce at all, would be nice if they stopped acting all high and mighty and just pay to fix this mess," said a purported ShinyHunters member.

Such a development comes after Salesforce quashed all active access and refresh tokens linked to Gainsight apps. Similar connector access revocation has been conducted by Zendesk in the wake of the intrusion. Salesforce had stressed its refusal to fulfill the ransom demands of ShinyHunters.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds