More than 200 organizations may have had their Salesforce instances compromised following the breach of connected apps by Gainsight, The Register reports.Third-party OAuth tokens have been leveraged by attackers associated with ShinyHunters to infiltrate the Salesforce instances, echoing the hacking group's attack campaign months ago, according to Google Threat Intelligence Group principal analyst Austin Larsen. All active access and refresh tokens linked to Gainsight apps have already been quashed by Salesforce, which also removed the impacted apps from AppExchange amid an ongoing investigation."There is no indication that this issue resulted from any vulnerability in the Salesforce platform. The activity appears to be related to the app's external connection to Salesforce," said Salesforce spokesperson Allen Tsai.Such a development should prompt organizations to conduct software-as-a-service environment audits, including reviews for Salesforce-connected third-party apps, noted Larsen, who also called for the revocation of unused or suspicious apps' tokens and the prompt rotation of credentials upon detection of suspicious activity.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




