Google has confirmed that hackers stole data from more than 200 companies after exploiting apps developed by Gainsight, a customer success software provider. The breach targeted Salesforce systems and is being described as one of the biggest supply chain attacks in recent months.
What Happened
Salesforce said last week that “certain customers’ Salesforce data” had been accessed through Gainsight applications. These apps are widely used by companies to manage customer relationships. According to Google’s Threat Intelligence Group, over 200 Salesforce instances were affected.
Who Is Behind the Attack
A group calling itself Scattered Lapsus$ Hunters, which includes members of the well-known ShinyHunters gang, has claimed responsibility. The gang has a history of targeting large firms and leaking stolen data online.
The hackers have already published a list of alleged victims. Names include Atlassian, CrowdStrike, DocuSign, GitLab, LinkedIn, Malwarebytes, SonicWall, Thomson Reuters and Verizon. Some of these companies have denied being impacted, while others are still investigating.
What Next?
This incident is a serious example of the risk that third-party apps pose in enterprise ecosystems. By compromising Gainsight’s software, attackers were able to reach hundreds of companies at once.
According to TechCrunch, supply chain attacks are especially dangerous because they exploit trust i
