Salesforce mentioned on Wednesday that it’s investigating a breach of “sure clients’ Salesforce information” that was compromised by way of apps printed by Gainsight, an organization that sells a platform for different corporations to handle their clients.
In a notice published late Wednesday, Salesforce mentioned the hacks contain “Gainsight-published purposes linked to Salesforce, that are put in and managed immediately by clients.”
Salesforce mentioned that there’s “no indication that this challenge resulted from any vulnerability within the Salesforce platform,” and that the exercise seems associated to Gainsight’s “exterior connection to Salesforce.”
When reached for remark, Salesforce spokesperson Nicole Aranda referred TechCrunch to the corporate’s web page devoted to the incident.
Contact Us
Do you might have extra details about these Salesforce and Gainsight information breaches? Or different information breaches? From a non-work gadget, you may contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or through Telegram and Keybase @lorenzofb, or e mail. You can also contact TechCrunch through SecureDrop.
As of this writing, Gainsight mentioned in a status page that it’s investigating a “Salesforce connection challenge,” with out making any reference to a possible breach. “Our inner investigation is ongoing,” Gainsight wrote.
A spokesperson for Gainsight didn’t instantly reply to TechCrunch’s request for remark.
On its web site, Gainsight touts a number of company clients, together with Airtable, Notion, GitLab, and others. When reached by e mail, GitLab spokesperson Emily James instructed TechCrunch that the Gitlab’s “safety group is investigating and we’ll get again to you when we’ve extra to share.”
Techcrunch occasion
San Francisco
|
October 13-15, 2026
The prolific hacking group ShinyHunters told cybersecurity news website DataBreaches.net that it was behind the breach, including that if Salesforce doesn’t negotiate with them, they are going to create a brand new web site to promote the stolen information — a typical extortion tactic by financially-motivated cybercriminals.
“The following [data leak site] will comprise the info of the Salesloft and GainSight campaigns,” the hackers instructed DataBreaches.internet. The hackers declare to have stolen information from near a thousand corporations.
This information breach seems just like an August breach at AI advertising and marketing chatbot maker Salesloft, which allowed the hackers to interrupt into a variety of their clients’ linked Salesforce cases to steal delicate information, similar to entry tokens for different companies. Among the many victims included insurance coverage large Allianz Life, Bugcrowd, Cloudflare, Google, trend conglomerate Kering, Proofpoint, the airline Qantas, carmaker Stellantis, credit score bureau TransUnion, the worker administration platform Workday, and others.
Within the case of the Salesloft breaches, the hacking group Scattered Lapsus$ Hunters, which apparently consists of the ShinyHunters gang, claimed responsibility.
Final month, the hackers launched a devoted web site to extort the victims of the breaches, the place they threatened to launch a billion data.
On the time, Gainsight confirmed it was among the many victims of the Salesloft-linked breaches, but it surely’s unclear if this new wave of hacks originated from its earlier compromise.
