Salesforce announced that it is investigating unusual activity involving Gainsight-published applications after discovering that the integrations may have exposed certain customers’ Salesforce data. According to a statement posted on Salesforce’s status portal, the affected applications — which customers install and manage within their own environments — may have enabled unauthorized access to customer data. As a precaution, Salesforce revoked all active access to Gainsight’s apps. The company emphasized that there is currently no evidence suggesting the incident stemmed from a vulnerability in the Salesforce platform itself.
Gainsight acknowledged the situation on its website, confirming that it is working closely with Salesforce to understand the activity that prompted the revocation of access tokens for its applications. While Gainsight did not immediately respond to further inquiries, the incident has already raised concerns about the broader risks associated with software integrations across cloud platforms.
Cybersecurity experts note that attackers are increasingly targeting third-party integrations rather than core platforms. These integrations often hold powerful permissions, making them valuable entry points for unauthorized access. Jaime Vasco, cofounder of Nudge Security, highlighted this shift, explaining that attackers can exploit privileged integrations without compromising a company’s main infrastructure. He described this trend as a new and expanding attack surface.
Recent incidents across the tech ecosystem underscore this pattern. Just last month, Google revealed that a security weakness within Oracle’s E-Business Suite had potentially impacted more than 100 organizations. Earlier this year, Google also reported that hackers tricked employees of Salesforce customers into downloading a modified version of Salesforce’s Data Loader tool, granting attackers access to sensitive data.
As Salesforce and Gainsight continue their investigation, the incident serves as a reminder of the growing importance of securing third-party integrations within cloud environments. Companies relying on SaaS tools must enhance their monitoring and adopt tighter controls to prevent unauthorized access through privileged integrations.


OpenAI GPT-5.6 Set for Wider Release After U.S. Commerce Approval, Report Says
SoftBank Corp Partners With Sierra to Expand AI Customer Support Across Japan
Zhipu AI Raises HK$31.37 Billion in Discounted Share Sale to Accelerate AI Growth
Samsung to Launch First Yongin Chip Plant by 2029 as South Korea Speeds Up Semiconductor Hub
Mastercard Explores Sale of Majority Stake in UK Payments Firm Vocalink: Report
Apple Sues OpenAI, Former Employees Over Alleged Trade Secret Theft
China 618 Smartphone Sales Drop 13% as Higher Prices Hurt Demand, Huawei Gains Market Share
Morgan Stanley Says China’s Reusable Rocket Progress Poses Long-Term Challenge to SpaceX
Yaskawa Electric Shares Slide as Weak Profit Overshadows Strong AI Demand
SK Hynix Prices Record U.S. ADR Offering at $149 After $200 Billion Investor Demand
SK Hynix’s $28B U.S. IPO Draws Strong Demand as AI Chip Boom Fuels Investor Interest
TSMC Q2 Revenue Surges 36% as AI Chip Demand Powers Growth Ahead of Earnings
SK Hynix Soars 13% in Nasdaq Debut After Record $26.5 Billion IPO
AstraZeneca Shares Sink After Wainua Trial Misses Key Heart Disease Goal
Nippon Paint Reportedly Offers Up to €7.5 Billion for Akzo Nobel Decorative Paints Business
DOJ Grand Jury Investigates UAW President Shawn Fain Ahead of Union Election
Kitron Q2 Revenue Beats Estimates as Defense Demand Lifts Growth 



