\n<\/p>\n
Salesforce said on Wednesday that it\u2019s investigating a breach of \u201ccertain customers\u2019 Salesforce data\u201d that was compromised through apps published by Gainsight, a company that sells a platform for other companies to manage their customers.\u00a0<\/p>\n
In a notice published late Wednesday<\/a>, Salesforce said the hacks involve \u201cGainsight-published applications connected to Salesforce, which are installed and managed directly by customers.\u201d\u00a0<\/p>\n Salesforce said that there is \u201cno indication that this issue resulted from any vulnerability in the Salesforce platform,\u201d and that the activity appears related to Gainsight\u2019s \u201cexternal connection to Salesforce.\u201d<\/p>\n When reached for comment, Salesforce spokesperson Nicole Aranda referred TechCrunch to the company\u2019s page dedicated to the incident.\u00a0<\/p>\n \t\t\tDo you have more information about these Salesforce and Gainsight data breaches? Or other data breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email<\/a>.<\/a> You also can contact TechCrunch via SecureDrop<\/a>.\t\t<\/div>\n As of this writing, Gainsight said in a status page<\/a> that it is investigating a \u201cSalesforce connection issue,\u201d without making any reference to a potential breach. \u201cOur internal investigation is ongoing,\u201d Gainsight wrote.<\/p>\n A spokesperson for Gainsight did not immediately respond to TechCrunch\u2019s request for comment.<\/p>\n On its website, Gainsight touts several corporate customers, including Airtable, Notion, GitLab, and others. When reached by email, GitLab spokesperson Emily James told TechCrunch that GitLab\u2019s \u201csecurity team is investigating and we\u2019ll get back to you when we have more to share.\u201d<\/p>\n Techcrunch event<\/p>\n \n\t\t\t\t\t\t\t\t\tSan Francisco<\/span> The prolific hacking group ShinyHunters told cybersecurity news website <\/a>DataBreaches.net<\/a> that it was behind the breach, adding that if Salesforce doesn\u2019t negotiate with them, they will create a new website to advertise the stolen data \u2014 a common extortion tactic by financially-motivated cybercriminals.\u00a0<\/p>\n \u201cThe next [data leak site] will contain the data of the Salesloft and GainSight campaigns,\u201d the hackers told DataBreaches.net. The hackers claim to have stolen data from close to a thousand companies.<\/p>\n This data breach appears similar to an August breach at AI marketing chatbot maker Salesloft<\/a>, which allowed the hackers to break into a number of their customers\u2019 connected Salesforce instances to steal sensitive data, such as access tokens for other services. Among the victims included insurance giant Allianz Life<\/a>, Bugcrowd, Cloudflare, Google<\/a>, fashion conglomerate Kering<\/a>, Proofpoint, the airline Qantas<\/a>, carmaker Stellantis<\/a>, credit bureau TransUnion<\/a>, the employee management platform Workday<\/a>, and others.\u00a0<\/p>\n In the case of the Salesloft breaches, the hacking group Scattered Lapsus$ Hunters, which apparently includes the ShinyHunters gang, claimed responsibility<\/a>.\u00a0<\/p>\n Last month, the hackers launched a dedicated website<\/a> to extort the victims of the breaches, where they threatened to release a billion records.\u00a0<\/p>\n At the time, Gainsight confirmed<\/a> it was among the victims of the Salesloft-linked breaches, but it\u2019s unclear if this new wave of hacks originated from its earlier compromise.<\/p>\n<\/div>\nContact Us<\/h4>\n
\n\t\t\t\t\t\t\t\t\t\t\t\t\t|<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\tOctober 13-15, 2026<\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n