Hackers stole data from 200 companies due to Gainsight breach: Google confirms massive attack
Hackers stole data from more than 200 companies stored in Salesforce, Google announced after releasing information about the incident with the Gainsight platform. This leak became part of a massive supply chain attack, which affected several well-known companies.
What is known
According to Google Threat Intelligence analyst Austin Larsen, more than 200 Salesforce instances were affected. Salesforce itself confirmed the breach of 'individual client data', but did not name specific companies. It is known that the leak occurred due to third-party Gainsight applications for customer service. Gainsight previously used Salesloft Drift tools, through which attackers gained access to authentication tokens.
Responsibility for the attack was taken by the group Scattered Lapsus$ Hunters, associated with the hacker groups ShinyHunters, Lapsus$, and Scattered Spider. On their Telegram channel, it is stated that the attack affected a number of major companies: Atlassian, Docusign, GitLab, CrowdStrike, Malwarebytes, SonicWall, Thomson Reuters, Verizon, and others.
CrowdStrike assured that its data was not affected, although it dismissed a suspected insider. Docusign reported that they did not detect any compromise, but disabled all Gainsight integrations as a security measure. Thomson Reuters, Malwarebytes, and Verizon confirmed that they are investigating the situation.
Gainsight, in turn, stated that the incident is not related to a vulnerability in the Salesforce platform, but was caused by an external integration. Currently, it is cooperating with Google Mandiant for an independent analysis, and Salesforce has temporarily revoked active Tokens of Gainsight applications.
Scattered Lapsus$ Hunters announced the launch of a website by next week to blackmail their victims.
Source: TechCrunch
