Salesforce said on Wednesday that it’s investigating a breach of “certain customers’ Salesforce data” that was compromised through apps published by Gainsight, a company that sells a platform for other companies to manage their customers.
In a notice published late Wednesday, Salesforce said the hacks involve “Gainsight-published applications connected to Salesforce, which are installed and managed directly by customers.”
Salesforce said that there’s “no indication that this issue resulted from any vulnerability in the Salesforce platform,” and that the activity appears related to Gainsight’s “external connection to Salesforce.”
When reached for comment, Salesforce spokesperson Nicole Aranda referred TechCrunch to the company’s page dedicated to the incident.
As of this writing, Gainsight said on a status page that it’s investigating a “Salesforce connection issue,” without making any reference to a possible breach. “Our internal investigation is ongoing,” Gainsight wrote.
A spokesperson for Gainsight did not immediately respond to TechCrunch’s request for comment.
On its website, Gainsight touts several corporate customers, including Airtable, Notion, GitLab, and others. When reached by email, GitLab spokesperson Emily James told TechCrunch that GitLab’s “security team is investigating and we’ll get back to you when we have more to share.”
The prolific hacking group ShinyHunters told cybersecurity news website DataBreaches.net that it was behind the breach, adding that if Salesforce doesn’t negotiate with them, they may create a new website to promote the stolen data, a common extortion tactic by financially motivated cybercriminals.
“The next [data leak site] will contain the data of the Salesloft and GainSight campaigns,” the hackers told DataBreaches.net. The hackers claim to have stolen data from close to a thousand companies.
This data breach appears similar to an August breach at AI marketing chatbot maker Salesloft, which allowed the hackers to break into many of their customers’ connected Salesforce instances to steal sensitive data, such as access tokens for other services. The victims included insurance giant Allianz Life, Bugcrowd, Cloudflare, Google, fashion conglomerate Kering, Proofpoint, the airline Qantas, carmaker Stellantis, credit bureau TransUnion, the employee management platform Workday, and others.
In the case of the Salesloft breaches, the hacking group Scattered Lapsus$ Hunters, which apparently includes the ShinyHunters gang, claimed responsibility.
Last month, the hackers launched a dedicated website to extort the victims of the breaches, where they threatened to release a billion records.
At the time, Gainsight confirmed it was among the victims of the Salesloft-linked breaches, but it’s unclear if this new wave of hacks originated from its earlier compromise.
