"Our investigation indicates this activity may have enabled unauthorized access to certain customers' Salesforce data through the app's connection,"
"Per our update, upon detecting the activity, Salesforce revoked all active access and refresh tokens associated with Gainsight-published applications connected to Salesforce and temporarily removed those applications from the AppExchange while our investigation continues,"
"There is no indication that this issue resulted from any vulnerability in the Salesforce platform," Tsai said."
"The activity appears to be related to the app's external connection to Salesforce."
Salesforce identified suspicious activity involving Gainsight-published applications that are installed and managed directly by customers. The investigation indicates the activity may have enabled unauthorized access to certain customers' Salesforce data through the app's external connection. Salesforce revoked all active access and refresh tokens tied to the affected Gainsight-published applications and temporarily removed those applications from the AppExchange while the investigation continues. Salesforce notified affected customers, declined to disclose the number compromised, and stated there is no indication of a vulnerability in the Salesforce platform. Google analysts tied the activity to ShinyHunters and prior OAuth token compromises.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]