"Gainsight CEO Chuck Ganapathi downplayed the victim count related to his company's recent breach, saying he's only aware of "a handful of customers" who had their data affected after Salesforce flagged unusual activity involving Gainsight's connected app. This contradicts what Google Threat Intelligence Group principal analyst Austin Larsen told The Register last week: "GTIG is aware of more than 200 potentially affected Salesforce instances." Larsen also said ShinyHunters was "likely" behind the digital intrusion, which the extortion crew later confirmed to The Register."
"Salesforce first disclosed the suspicious activity on November 19, and in response, revoked all access and refresh tokens associated with Gainsight-published applications connected to the CRM giant. In a Tuesday update and subsequent blog post by Ganapathi, the company said its forensic analysis continues and its Salesforce integration remains disabled, with no word on when the connected app will be back online."
Gainsight's CEO said only a handful of customers had data affected after Salesforce flagged unusual activity from Gainsight's connected app. Google Threat Intelligence Group reported awareness of more than 200 potentially affected Salesforce instances and linked the intrusion to ShinyHunters; the extortion gang later confirmed responsibility. Google’s Mandiant is assisting with forensic investigation. Salesforce revoked all access and refresh tokens for Gainsight-published applications on November 19. Gainsight disabled its Salesforce integration and continues forensic analysis while notifying purportedly affected customers. Zendesk and HubSpot revoked their connectors to Gainsight. Gainsight is investigating GSuite SSO login issues for some customers.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]