Salesforce mentioned on Wednesday that it’s investigating a breach of “sure clients’ Salesforce information” that was compromised by way of apps printed by Gainsight, an organization that sells a platform for different firms to handle their clients.
In a discover printed late Wednesday, Salesforce mentioned the hacks contain “Gainsight-published purposes linked to Salesforce, that are put in and managed immediately by clients.”
Salesforce mentioned that there’s “no indication that this challenge resulted from any vulnerability within the Salesforce platform,” and that the exercise seems associated to Gainsight’s “exterior connection to Salesforce.”
When reached for remark, Salesforce spokesperson Nicole Aranda referred TechCrunch to the corporate’s web page devoted to the incident.
Contact Us
Do you might have extra details about these Salesforce and Gainsight information breaches? Or different information breaches? From a non-work gadget, you possibly can contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or by way of Telegram and Keybase @lorenzofb, or e mail. You can also contact TechCrunch by way of SecureDrop.
As of this writing, Gainsight mentioned in a standing web page that it’s investigating a “Salesforce connection challenge,” with out making any reference to a possible breach. “Our inside investigation is ongoing,” Gainsight wrote.
A spokesperson for Gainsight didn’t instantly reply to TechCrunch’s request for remark.
On its web site, Gainsight touts a number of company clients, together with Airtable, Notion, GitLab, and others. When reached by e mail, GitLab spokesperson Emily James instructed TechCrunch that the Gitlab’s “safety group is investigating and we’ll get again to you when we’ve got extra to share.”
Techcrunch occasion
San Francisco
|
October 13-15, 2026
The prolific hacking group ShinyHunters instructed cybersecurity information web site DataBreaches.web that it was behind the breach, including that if Salesforce doesn’t negotiate with them, they may create a brand new web site to promote the stolen information — a standard extortion tactic by financially-motivated cybercriminals.
“The subsequent [data leak site] will comprise the information of the Salesloft and GainSight campaigns,” the hackers instructed DataBreaches.web. The hackers declare to have stolen information from near a thousand firms.
This information breach seems much like an August breach at AI advertising and marketing chatbot maker Salesloft, which allowed the hackers to interrupt into a lot of their clients’ linked Salesforce situations to steal delicate information, comparable to entry tokens for different providers. Among the many victims included insurance coverage big Allianz Life, Bugcrowd, Cloudflare, Google, style conglomerate Kering, Proofpoint, the airline Qantas, carmaker Stellantis, credit score bureau TransUnion, the worker administration platform Workday, and others.
Within the case of the Salesloft breaches, the hacking group Scattered Lapsus$ Hunters, which apparently contains the ShinyHunters gang, claimed accountability.
Final month, the hackers launched a devoted web site to extort the victims of the breaches, the place they threatened to launch a billion data.
On the time, Gainsight confirmed it was among the many victims of the Salesloft-linked breaches, nevertheless it’s unclear if this new wave of hacks originated from its earlier compromise.
