Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Salesforce said Wednesday it was investigating a breach of “Salesforce data for certain customers” that was compromised through applications published by Gainsight, a company that sells a platform to other companies to manage their customers.
In a memo published late WednesdaySalesforce said the breaches involve “applications published by Gainsight connected to Salesforce, which are installed and managed directly by customers.”
Salesforce said there was “no indication that this issue was caused by any vulnerability in the Salesforce platform,” and that the activity appeared to be related to “Gainsight’s external connection to Salesforce.”
When reached for comment, Salesforce spokeswoman Nicole Aranda referred TechCrunch to the company’s page dedicated to the incident.
Contact us
Do you have more information about Salesforce and Gainsight data breaches? Or other data breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or Email. You can also contact TechCrunch via SecureDrop.
As of this writing, Gensite said On the status page They are investigating a “Salesforce connectivity issue,” without noting any potential violation. “Our internal investigation is ongoing,” Gensite wrote.
A Gainsight spokesperson did not immediately respond to TechCrunch’s request for comment.
On its website, Gainsight touts several enterprise clients, including Airtable, Notion, GitLab, and others. When reached via email, GitLab spokesperson Emily James told TechCrunch, “Gitlab’s security team is investigating and we will get back to you when we have more to share.”
TechCrunch event
San Francisco
|
October 13-15, 2026
The prolific hacking group ShinyHunters The cybersecurity news website said DataBreaches.net They were behind the hack, adding that if Salesforce didn’t negotiate with them, they would create a new website to advertise the stolen data — a common extortion tactic used by financially motivated cybercriminals.
“The next (data leak) will contain Salesloft and GainSight campaign data,” the hackers told DataBreaches.net. Hackers claim to have stolen data from nearly a thousand companies.
This data breach appears to be similar to the August 2017 breach AI marketing chatbot maker Salesloftwhich allowed hackers to break into a number of Salesforce instances connected to their customers to steal sensitive data, such as access tokens for other services. Among the victims was the insurance giant Allianz LiveBug Crowd , Cloud Flare , GoogleFashion conglomerate dryProof Point Airlines QantasCar maker excellentcredit bureau TransUnionAn employee management platform Work dayet al.
In the case of the Salesloft breaches, the hacking group Scattered Lapsus$ Hunters, which apparently includes the ShinyHunters gang, Claim responsibility.
last month, Hackers launched a dedicated website To blackmail victims of breaches, threatening to release a billion records.
At that time, Gainsight certain It was among the victims of breaches linked to Salesloft, but it is unclear whether this new wave of hacks arose from the previous compromise.