Outlook Business Desk
Salesforce is examining suspicious activity linked to applications built by Gainsight, which may have led to customer data exposure. As a safety measure, the company has temporarily disabled access to the impacted tools while the review is under way.
Salesforce said certain Gainsight applications used and administered by customers may have allowed unintended access to some Salesforce information. To reduce any potential impact, the company has halted all access to these applications while the investigation continues.
Salesforce emphasised that its platform remains unaffected, saying current findings do not suggest any internal weakness. The company noted the activity seems tied to external integrations and added that it is still reviewing the overall scope.
Gainsight said it is cooperating with Salesforce as the investigation moves ahead but has not shared further information. Requests for more clarity remain pending as both firms continue reviewing the matter.
Security experts caution that cyber attackers are now focusing on the links between large software platforms. These integrations, though vital for data exchange, can become valuable entry points if not adequately protected across connected systems.
Recent incidents highlight this growing pattern. Google earlier disclosed a weakness in Oracle’s E-Business Suite that impacted numerous organisations, and also revealed that attackers had persuaded Salesforce customer staff to install altered Data Loader tools.
Security researcher Jaime Blasco noted that attackers increasingly avoid well-defended main systems by targeting linked services carrying higher permissions. He said these interconnected tools now represent a key attack surface for modern cybercriminal groups.
A splinter group called Scattered LAPSUS$ Hunters said it stole nearly one billion records from a US cloud services provider using Salesforce tools, mirroring similar data-theft incidents earlier linked to major UK retailers.