Is your business data safe? A recent report confirms a significant supply chain breach with potentially far-reaching consequences. Google has revealed that over 200 companies have had their Salesforce data compromised through a vulnerability found in a third-party application. This incident raises serious concerns about the security of cloud-based data and the risks associated with third-party integrations.
Let’s dive into what we know about this breach, who’s responsible, and what measures are being taken to mitigate the damage.
## The Breach and its Impact
The breach, confirmed by Google Threat Intelligence Group’s principal threat analyst Austin Larsen, targeted data stored within Salesforce instances accessed through third-party apps published by Gainsight. The infamous hacking collective “Scattered Lapsus$ Hunters,” which includes the ShinyHunters gang, has claimed responsibility, listing prominent companies like Atlassian, CrowdStrike, DocuSign, LinkedIn, and Verizon as targets. While some targeted companies, like CrowdStrike and Verizon, are pushing back on claims of data compromise, the situation remains fluid.
The hackers exploited an earlier security campaign targeting Salesloft’s Drift platform, then stole authentication tokens allowing them to redirect to connected Salesforce instances and download data. Salesforce has clarified that the incident did not stem from a vulnerability within its own platform but has taken the precaution of revoking active access tokens for Gainsight-connected applications.
## Gainsight and the Investigation
Gainsight is working with Google’s incident response unit, Mandiant, to conduct a thorough forensic analysis. The investigation aims to fully understand the scope of the breach and identify vulnerabilities that led to the data compromise. In the meantime, the incident underscores the importance of rigorous security assessments for all third-party applications integrated with business-critical platforms.
## What’s Next?
According to reports, the hackers plan to launch a dedicated website to extort the victims. This tactic aligns with their past behavior, which involves leveraging social engineering to target major corporations. This incident serves as a stark reminder of the ever-present threat landscape and the need for robust security measures, including regular security audits, strong authentication protocols, and employee training on social engineering tactics. It’s time to re-evaluate your data security posture and ensure you’re not the next victim.
