Google Confirms Hackers Stole Salesforce Data of Over 200 Companies in Supply Chain Hack
Google has officially confirmed that hackers managed to steal the Salesforce-stored data of more than 200 companies in a massive supply chain hack. Salesforce disclosed the breach on Thursday, revealing that the stolen data was taken via apps published by Gainsight, a company that offers customer support platforms to other businesses.
Austin Larsen, the principal threat analyst of Google Threat Intelligence Group, stated that Google is aware of more than 200 potentially affected Salesforce instances. Following Salesforce’s announcement of the breach, the hacking group known as Scattered Lapsus$ Hunters, which includes the ShinyHunters gang, claimed responsibility for the hacks in a Telegram channel.
The hackers claimed responsibility for breaching companies like Atlassian, CrowdStrike, Docusign, F5, GitLab, LinkedIn, Malwarebytes, SonicWall, Thomson Reuters, and Verizon. Although Google did not disclose specific victims, CrowdStrike confirmed that they were not affected by the Gainsight issue.
Verizon spokesperson Kevin Israel mentioned that the company is aware of the claim by the threat actor but did not provide any evidence to support it. Malwarebytes, on the other hand, stated that their security team is actively investigating the matter.
Thomson Reuters and Docusign are also investigating the breach, with Docusign’s chief information security officer confirming that they have not found any indication of data compromise at this time. However, out of caution, they have terminated all Gainsight integrations and contained related data flows.
The hackers from the ShinyHunters group revealed that they gained access to Gainsight through a previous hacking campaign targeting customers of Salesloft, thus compromising Gainsight entirely. Salesforce and Gainsight did not provide specific comments on the issue.
Conclusion
As the investigation into the breach continues, Gainsight is working with Google’s incident response unit Mandiant to uncover more details. Salesforce has taken precautionary measures by revoking active access tokens for Gainsight-connected apps while the investigation is ongoing. The Scattered Lapsus$ Hunters group has threatened to launch a dedicated website to extort victims of their latest campaign.
It is imperative for companies to remain vigilant and implement robust security measures to protect their data from cyber threats. The collaboration between tech companies and security experts is crucial in identifying and mitigating the risks posed by sophisticated hacking groups like Scattered Lapsus$ Hunters.
This article was updated to include comments from Docusign, Thomson Reuters, and Verizon.

