Hackers have stolen the data of over 200 companies stored on the Salesforce platform due to a security vulnerability in an app provided by Gainsight, according to Google. The attack is part of a larger supply chain hack.
Several major companies were affected, including Atlassian, CrowdStrike, Docusign, F5, GitLab, LinkedIn, Malwarebytes, SonicWall, Thomson Reuters, and Verizon. However, not all the companies responded to requests for comment, while some have confirmed that their data is secure.
Gainsight was previously hacked in a separate incident targeting its customer Salesloft, where hackers stole authentication tokens from customers’ accounts. This allowed them to access linked Salesforce instances and download their contents.
Salesforce has denied any direct involvement in the breach, stating there’s “no indication” it resulted from a vulnerability on its platform. Gainsight is working with Google’s incident response team, Mandiant, to investigate the breach, which they believe originated from external connections rather than an issue within Salesforce.
The hackers claimed responsibility for the attack and plan to launch a website next week to extort the victims. The group has previously targeted high-profile companies using social engineering tactics.
Source: https://techcrunch.com/2025/11/21/google-says-hackers-stole-data-from-200-companies-following-gainsight-breach