UPDATE: Google has confirmed that hackers have stolen sensitive data from over 200 companies in a massive supply chain breach linked to Gainsight. The breach was disclosed by Salesforce on October 26, 2023, revealing that data was compromised through applications published by Gainsight, a customer support platform.
Authorities are reporting that the notorious hacking group, Scattered Lapsus$ Hunters, including the infamous ShinyHunters gang, has claimed responsibility for this breach. The group made the announcement in a Telegram channel, stating that they targeted significant firms like Atlassian, CrowdStrike, Docusign, and Verizon.
Google Threat Intelligence Group’s principal threat analyst, Austin Larsen, stated, “We are aware of more than 200 potentially affected Salesforce instances.” This alarming breach has raised serious concerns about data security for companies relying on Salesforce services.
In a swift response to the breach, Salesforce emphasized that there is “no indication that this issue resulted from any vulnerability in the Salesforce platform,” distancing itself from the implications of the breach. Gainsight has confirmed its involvement and is actively cooperating with Mandiant, Google’s incident response unit, to investigate further.
As part of their investigation, Salesforce has temporarily revoked active access tokens for all Gainsight-connected applications, a precautionary measure prompted by unusual activities reported during the breach. Gainsight assured that it is committed to a thorough forensic analysis as part of a comprehensive review.
WHAT TO WATCH FOR: The Scattered Lapsus$ Hunters group has announced plans to launch a dedicated website to extort victims of this breach by next week, a tactic they previously employed following similar incidents. The hackers have previously targeted high-profile companies, including MGM Resorts and Coinbase, raising alarm about their operational methods that often involve social engineering tactics to manipulate employees into granting access to sensitive data.
Many affected companies have yet to respond to inquiries regarding their involvement. Kevin Benacci, a spokesperson for CrowdStrike, stated, “We are not affected by the Gainsight issue and all customer data remains secure.” Meanwhile, Malwarebytes is investigating the breach and remains vigilant about the potential implications for its clients.
This developing story underscores the urgent need for companies to enhance their cybersecurity measures and reassess their data protection strategies. With the rise in cyber threats, organizations must remain proactive in safeguarding their sensitive information.
As investigations unfold, companies are urged to remain alert and take immediate action to protect their systems. The implications of this breach could extend far beyond the initial data theft, potentially affecting customer trust and corporate reputations.
Stay tuned for further updates as this story develops. The ramifications of this breach are likely to reverberate across the tech industry, making it imperative for organizations to act swiftly to mitigate risks.