Google has confirmed that hackers have stolen the Salesforce-stored data of more than 200 companies in a large-scale supply chain hack.
On Thursday, Salesforce disclosed a breach of “certain customers’ Salesforce data” — without naming affected companies — that was stolen via apps published by Gainsight, which provides a customer support platform to other companies.
In a statement, Austin Larsen, the principal threat analyst of Google Threat Intelligence Group, said that the company “is aware of more than 200 potentially affected Salesforce instances.”
After Salesforce announced the breach, the notorious and somewhat-nebulous hacking group known as Scattered Lapsus$ Hunters, which includes the ShinyHunters gang, claimed responsibility for the hacks in a Telegram channel, which TechCrunch has seen.
The hacking group claimed responsibility for hacks affecting Atlassian, CrowdStrike, Docusign, F5, GitLab, LinkedIn, Malwarebytes, SonicWall, Thomson Reuters, and Verizon.
Contact Us
Do you have more information about these Salesforce and Gainsight data breaches? Or other data breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
Google would not comment on specific victims.
CrowdStrike’s spokesperson Kevin Benacci told TechCrunch in a statement that the company is “not affected by the Gainsight issue and all customer data remains secure.” CrowdStrike confirmed to TechCrunch that it terminated a “suspicious insider” for allegedly passing information to hackers.
TechCrunch reached out to all the companies mentioned by Scattered Lapsus$ Hunters.
Verizon spokesperson Kevin Israel said in a statement that “Verizon is aware of the unsubstantiated claim by the threat actor,” without providing evidence for this claim.
Malwarebytes spokesperson Ashley Stewart told TechCrunch that the company’s security team is “aware” of the Gainsight and Salesforce issues and “actively investigating the matter.”
A spokesperson for Thomson Reuters said the company is “actively investigating.”
Michael Adams, the chief information security officer at Docusign, told TechCrunch in a statement that “following a comprehensive log analysis and internal investigation, we have no indication of Docusign data compromise at this time.” However, Adams said that, “out of an abundance of caution, we have taken a number of measures including terminating all Gainsight integrations and containing related data flows.”
At the time of publishing, none of the other companies responded to requests for comment.
Hackers with the ShinyHunters group told TechCrunch in an online chat that they gained access to Gainsight thanks to their previous hacking campaign that targeted customers of Salesloft, which provides an AI and chatbot-powered marketing platform called Drift. In that earlier case, the hackers stole Drift authentication tokens from those customers, allowing the hackers to break into their linked Salesforce instances and download their contents.
At the time, Gainsight confirmed it was among the victims of that hacking campaign.
“Gainsight was a customer of Salesloft Drift, they were affected and subsequently compromised fully by us,” a spokesperson for the ShinyHunters group told TechCrunch.
Salesforce spokesperson Nicole Aranda told TechCrunch that “as a matter of policy, Salesforce does not comment on specific customer issues.”
Gainsight did not respond to TechCrunch’s requests for comment.
On Thursday, Salesforce said there is “no indication that this issue resulted from any vulnerability in the Salesforce platform,” effectively distancing itself from its customers’ data breaches.
Gainsight has been publishing updates about the incident on its incident page. On Friday, the company said that it is now working with Google’s incident response unit Mandiant to help investigate the breach, that the incident in question “originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform,” and that “a forensic analysis is continuing as part of a comprehensive and independent review.”
“Salesforce has quickly revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues,” according to Gainsight’s incident page, which said Salesforce is notifying affected customers whose data was stolen.
In its Telegram channel, Scattered Lapsus$ Hunters said it plans to launch a dedicated website to extort the victims of its latest campaign by next week. This is the group’s modus operandi; in October, the hackers also published a similar extortion website after stealing victims’ Salesforce data in the Salesloft incident.
The Scattered Lapsus$ Hunters is a collective of English-speaking hackers made up of several cybercriminal gangs, including ShinyHunters, Scattered Spider, and Lapsus$, whose members use social engineering tactics to trick company employees into granting the hackers access to their systems or databases. In the past few years, these groups have claimed several high-profile victims, such as MGM Resorts, Coinbase, DoorDash, and more.
This story was updated to include comments from Docusign, Thomson Reuters, and Verizon.

