Google says hackers stole data from 200 companies following Gainsight breach

A significant data breach has been confirmed by Google, revealing that hackers have compromised Salesforce data belonging to more than 200 companies. This alarming incident was linked to a breach involving Gainsight, a platform that provides customer support services to various enterprises. On Thursday, Salesforce disclosed that certain customer data had been breached, although it did not specify which companies were impacted. Austin Larsen, principal threat analyst at Google Threat Intelligence Group, indicated that over 200 Salesforce instances might be at risk due to this breach. The notorious hacking group Scattered Lapsus$ Hunters, which includes members of the ShinyHunters gang, took responsibility for the hack via a Telegram channel observed by TechCrunch. They claimed to have targeted several high-profile firms, including Atlassian, CrowdStrike, Docusign, and Verizon, among others. While Google refrained from naming specific victims, CrowdStrike's spokesperson assured that their company was not affected by the Gainsight breach and that all customer data remains secure. In a related development, CrowdStrike disclosed that they had terminated a ‘suspicious insider’ for allegedly leaking information to hackers. Gainsight's security was compromised due to a prior campaign that targeted Salesloft customers, which allowed hackers to steal authentication tokens and access linked Salesforce accounts. Gainsight confirmed its involvement as a victim in that earlier incident. Salesforce stated that this breach should not be attributed to any vulnerabilities within its platform. Instead, Gainsight has been actively publishing updates about the incident and is collaborating with Google’s incident response unit, Mandiant, to conduct an in-depth investigation. As a precaution, Salesforce has temporarily revoked active access tokens related to Gainsight-connected applications while the investigation continues. Gainsight has also reported that it is notifying affected customers regarding the stolen data. In a concerning twist, the Scattered Lapsus$ Hunters have announced plans to launch an extortion website targeting the victims of this breach, continuing their trend of threatening companies following similar incidents. This group is known for employing social engineering tactics to gain access to corporate systems, having previously targeted high-profile entities such as MGM Resorts and Coinbase.