
Customer Data Exposure Identified in Salesforce–Gainsight Application Connection

 

Salesforce warned that it detected “unusual activity” related to Gainsight-published applications connected to the platform.

The company added in an advisory, “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection.”

The cloud services firm then revoked all active access and refresh tokens associated with Gainsight-published applications connected to Salesforce. It also removed those applications from the AppExchange while it continues its investigation.

Salesforce did not disclose how many customers the incident impacted, but it notified them directly.

The company emphasized, “There is no indication that this issue resulted from any vulnerability in the Salesforce platform.” It also clarified, “The activity appears to be related to the app’s external connection to Salesforce.”

Meanwhile, Gainsight pulled the app from the HubSpot Marketplace out of an abundance of caution and revoked Zendesk connector access. “This may also impact Oauth access for customer connections while the review is taking place,” Gainsight said. “No suspicious activity related to Hubspot has been observed at this point.”

Austin Larsen, principal threat analyst at Google Threat Intelligence Group (GTIG), described the situation on LinkedIn as an “emerging campaign” that targets Gainsight-published applications connected to Salesforce by compromising third-party OAuth tokens to potentially gain unauthorized access.

He assessed the activity as tied to threat actors associated with the ShinyHunters (aka UNC6240) group, and he noted that it mirrors a similar wave of attacks that targeted Salesloft Drift instances in August of this year.

According to DataBreaches.Net, ShinyHunters confirmed the campaign and stated that the Salesloft and Gainsight attack waves allowed them to steal data from nearly 1,000 organizations.

Gainsight previously reported that it was among the Salesloft Drift customers impacted by the earlier attack. However, investigators still cannot confirm whether that breach triggered the current incident.

During that hack, the attackers accessed business contact details for Salesforce-related content, including names, business email addresses, phone numbers, regional/location details, product licensing information, and support case contents (without attachments).

Larsen also pointed out that “Adversaries are increasingly targeting the OAuth tokens of trusted third-party SaaS integrations.”

Consequently, organizations should review all third-party applications connected to Salesforce, revoke tokens for unused or suspicious applications, and rotate credentials if they detect any anomalies from an integration.
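The review described above can be run as a triage pass over an inventory of connected-app tokens. The following is an added example, not code from Salesforce, Gainsight or the original article: the CSV columns, app names, watchlist and expected network ranges are all constructed assumptions standing in for whatever export and policy an organization actually has.

```python
import csv
import io
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed sample export; column names are assumptions, not a Salesforce schema.
SAMPLE_CSV = """app_name,user,last_used,last_ip
Gainsight Sample App,integration@example.com,2025-11-18T09:12:00+00:00,203.0.113.77
Acme Reports,alice@example.com,2025-03-02T14:00:00+00:00,192.0.2.10
Acme Sync,svc-sync@example.com,2025-11-19T23:40:00+00:00,198.51.100.23
Acme Sync,svc-sync2@example.com,2025-11-19T23:41:00+00:00,192.0.2.44
Old Dashboard,bob@example.com,,
"""

# Hypothetical policy inputs: publishers named in an advisory, and each
# integration's expected egress ranges (documentation-only networks).
WATCHLIST = ("gainsight",)
EXPECTED_NETS = {"Acme Sync": [ip_network("192.0.2.0/24")]}


def triage(csv_text, now, stale_days=90):
    """Return (app, user, action, reason) for every token that needs action."""
    findings = []
    cutoff = now - timedelta(days=stale_days)
    for row in csv.DictReader(io.StringIO(csv_text)):
        app, user = row["app_name"], row["user"]
        last_used = datetime.fromisoformat(row["last_used"]) if row["last_used"] else None
        nets = EXPECTED_NETS.get(app)
        if any(name in app.lower() for name in WATCHLIST):
            # Suspicious application: publisher is under investigation.
            findings.append((app, user, "revoke", "publisher on watchlist"))
        elif nets and row["last_ip"] and not any(ip_address(row["last_ip"]) in n for n in nets):
            # Anomaly from an integration: revoke and rotate its credentials.
            findings.append((app, user, "revoke+rotate", "used from unexpected network"))
        elif last_used is None or last_used < cutoff:
            # Unused application: never used, or idle past the threshold.
            findings.append((app, user, "revoke", "unused"))
    return findings


if __name__ == "__main__":
    now = datetime(2025, 11, 20, tzinfo=timezone.utc)
    for finding in triage(SAMPLE_CSV, now):
        print(*finding, sep=" | ")
```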

 


Source: TheHackerNews
