Google says hackers stole data from 200 companies following Gainsight breach


Google has confirmed that hackers have stolen the Salesforce-stored data of more than 200 companies in a large-scale supply chain hack.

On Thursday, Salesforce disclosed a breach of “certain customers’ Salesforce data,” without naming affected companies, that was stolen via apps published by Gainsight, which provides a customer support platform to other companies.

In a statement, Austin Larsen, the principal threat analyst of Google Threat Intelligence Group, said that the company “is aware of more than 200 potentially affected Salesforce instances.”

After Salesforce announced the breach, the notorious and somewhat-nebulous hacking group known as Scattered Lapsus$ Hunters, which includes the ShinyHunters gang, claimed responsibility for the hacks in a Telegram channel, which TechCrunch has seen.

The hacking group claimed responsibility for hacks affecting Atlassian, CrowdStrike, Docusign, F5, GitLab, LinkedIn, Malwarebytes, SonicWall, Thomson Reuters, and Verizon.

Contact Us

Do you have more information about these Salesforce and Gainsight data breaches? Or other data breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.

Google would not comment on specific victims.

CrowdStrike’s spokesperson Kevin Benacci told TechCrunch in a statement that the company is “not affected by the Gainsight issue and all customer data remains secure.” CrowdStrike said it terminated a “suspicious insider” for allegedly passing information to hackers.

TechCrunch reached out to all the companies mentioned by Scattered Lapsus$ Hunters. A spokesperson for Verizon acknowledged receipt of our email.

Malwarebytes spokesperson Ashley Stewart told TechCrunch that the company’s security team is “aware” of the Gainsight and Salesforce issues and is “actively investigating the matter.”

At the time of publishing, none of the other companies responded to requests for comment.

Hackers with the ShinyHunters group told TechCrunch in an online chat that they gained access to Gainsight thanks to their previous hacking campaign that targeted customers of Salesloft, which provides an AI and chatbot-powered marketing platform called Drift. In that earlier case, the hackers stole Drift authentication tokens from those customers, allowing the hackers to break into their linked Salesforce instances and download their contents.

At the time, Gainsight confirmed it was among the victims of that hacking campaign. 

“Gainsight was a customer of Salesloft Drift, they were affected and so compromised entirely by us,” said ShinyHunters.

Salesforce spokesperson Nicole Aranda told TechCrunch that “as a matter of policy, Salesforce does not comment on specific customer issues.”

Gainsight did not respond to TechCrunch’s requests for comment.

On Thursday, Salesforce said there is “no indication that this issue resulted from any vulnerability in the Salesforce platform,” effectively distancing itself from its customers’ data breaches.

Gainsight has been publishing updates about the incident on its incident page. On Friday, the company said that it is now working with Google’s incident response unit Mandiant to help investigate the breach, that the incident in question “originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform,” and that “a forensic analysis is continuing as part of a comprehensive and independent review.”

“Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues,” according to Gainsight’s incident page, which said Salesforce is notifying affected customers whose data was stolen.

In its Telegram channel, Scattered Lapsus$ Hunters said it plans to launch a dedicated website to extort the victims of its latest campaign by next week. This is the group’s modus operandi; in October, the hackers also published a similar extortion website after stealing victims’ Salesforce data in the Salesloft incident.

The Scattered Lapsus$ Hunters is a collective of English-speaking hackers made up of several cybercriminal gangs, including ShinyHunters, Scattered Spider, and Lapsus$, whose members use social engineering tactics to trick company employees into granting the hackers access to their systems or databases. In the past few years, these groups have claimed several high-profile victims, such as MGM Resorts, Coinbase, DoorDash, and more.
