Salesforce says customer data possibly exposed following incident
The company is investigating “unusual activity” involving Gainsight-published applications
[WASHINGTON] Salesforce said on Thursday (Nov 20) that it is investigating “unusual activity” involving Gainsight-published applications that may have exposed customer data.
In a brief statement published to its status portal, Salesforce said the Gainsight-published applications, which are installed and managed by customers, “may have enabled unauthorised access to certain customers’ Salesforce data”.
Salesforce said in its message that it had temporarily “revoked all active access” to Gainsight’s applications. In an email, the company noted that, “There is no indication that this issue resulted from any vulnerability in the Salesforce platform.”
Gainsight said on its website that “we continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications”.
Gainsight did not immediately return an email for further comment.
Although Reuters could not establish the scope or nature of the incident, hackers have repeatedly exploited the integrations between software-as-a-service companies such as Salesforce and Gainsight to steal data.
Last month, Alphabet’s Google said that the exploitation of a weakness in Oracle’s E-Business Suite of applications had likely impacted more than 100 companies.
In June, Google said that hackers had tricked employees of Salesforce clients into installing a modified version of Salesforce’s Data Loader, a proprietary tool used to bulk import files, and compromising their data.
Jaime Vasco, the co-founder of Nudge Security, said that it was part of an emerging paradigm.
“Attackers don’t need to breach the core platform when they can compromise an integration with privileged access,” he said.
Speaking to Reuters, he added: “This is the new attack surface.” REUTERS