Salesforce has launched an investigation into “unusual activity” involving Gainsight-published applications that may have exposed customer data, the company confirmed on Thursday.
In a brief update posted to its status portal, Salesforce said that certain Gainsight apps — which customers install and manage within their own Salesforce environments — may have enabled unauthorized access to some customer data. As a precaution, the company has revoked all active access tokens associated with Gainsight’s applications.
Salesforce clarified that there is no evidence the issue stems from a vulnerability within the Salesforce platform itself.
Gainsight, in a statement on its website, said it is working closely with Salesforce to investigate the incident and understand what triggered the revocation of its access tokens. The company has not responded to additional requests for comment.
While the scope of the incident remains unclear, the event highlights a growing cybersecurity concern: attackers increasingly target integrations between Software-as-a-Service platforms rather than the platforms themselves.
Recent attacks reinforce this trend. Last month, Google reported that more than 100 companies may have been affected by a flaw exploited in Oracle’s E-Business Suite integrations. Earlier in June, Google also revealed that hackers tricked employees of Salesforce clients into downloading a tampered version of the Salesforce Data Loader tool, compromising corporate data.
Cybersecurity expert Jaime Blasco, cofounder of Nudge Security, said attackers no longer need to breach core systems when third-party integrations offer an easier path.
“This is the new attack surface,” he told Reuters.