Current Cyber Threats

Unusual Activity Related to Gainsight Applications

Summary:

There was no major breach of the Salesforce platform itself, but rather a series of attacks in 2025 in which attackers gained access to third-party applications integrated with Salesforce, such as Salesloft Drift, to steal data from many companies, including from Gainsight's Salesforce environment. This incident affected a wide range of companies and involved stealing customer contact information like names, email addresses, and phone numbers, often through social engineering rather than a technical vulnerability in Salesforce. Salesforce has stated that the platform was not compromised and has urged customers to strengthen their security by enabling multi-factor authentication (MFA) and other best

https://www.salesforceben.com/sales...arning-as-google-confirms-it-is-among-victims

How the breach happened

  • Third-party access: The attackers compromised third-party applications that integrate with Salesforce, such as Salesloft Drift.
  • Social engineering: The attacks did not exploit a vulnerability in Salesforce's platform but relied on social engineering tactics like phishing and vishing to trick employees into giving up access.
  • Lateral movement: Once inside a company's network through one application, attackers could move laterally to access connected Salesforce data.

What data was affected

  • The data stolen typically included business contact details, such as names, business email addresses, and phone numbers.
  • It also included information related to product licensing and plain text from certain support cases.
  • Salesforce noted that attachments were not included in the data accessed.

What the impact was for Gainsight

  • Gainsight confirmed that it disconnected the Salesloft app from its Salesforce environment after learning of the breach.
  • The incident was isolated to Gainsight's CRM platform, and the company stated that its other products and services were not impacted.
  • The accessed information was confirmed to be business contact details and other specific Salesforce-related content.

Recommendations from Salesforce and experts

  • Enable Multi-Factor Authentication (MFA): A crucial step to prevent unauthorized access.
  • Use Single Sign-On (SSO): Helps manage access and can be more secure than individual passwords.
  • Implement strong password policies: Reduces the risk of account compromise.
  • Audit connected apps: Regularly review and audit all integrations to ensure they are not overscoped or unnecessary.
  • Monitor activity: Use monitoring tools to detect and investigate unusual behavior across your SaaS environment.
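
One way to carry out the "Audit connected apps" recommendation, as an added example that is not from Salesforce or Gainsight: a review pass over an inventory of integrations that flags excess scopes, missing owners and idle apps still holding long-lived tokens. The CSV columns, app names, approved-scope list and 90-day threshold are assumptions constructed for illustration; only the scope names (`api`, `full`, `refresh_token`, `offline_access`, `web`) are real Salesforce OAuth scopes.

```python
import csv
import io
from datetime import date

# Constructed inventory (hypothetical columns, not a Salesforce export format).
INVENTORY = """app_name,owner,granted_scopes,last_used
Chat Widget Sync,sales-ops,api refresh_token full,2025-08-01
Survey Connector,,api refresh_token,2025-01-15
Billing Bridge,finance,api,2025-08-10
Old Pilot App,marketing,api web,
"""

# Scopes each integration's owner has justified (assumed input to the review).
APPROVED = {
    "Chat Widget Sync": {"api", "refresh_token"},
    "Survey Connector": {"api"},
    "Billing Bridge": {"api"},
}
BROAD = {"full"}                                   # broadest scope
LONG_LIVED = {"refresh_token", "offline_access"}   # access outlives the session


def audit_connected_apps(inventory_csv, approved, today, stale_days=90):
    """Return {app_name: [findings]} for integrations that need review."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = row["app_name"]
        granted = set(row["granted_scopes"].split())
        findings = []
        if name not in approved:
            findings.append("not in approved list")
        elif granted - approved[name]:
            findings.append("excess scopes: " + ",".join(sorted(granted - approved[name])))
        if granted & BROAD:
            findings.append("broad scope granted")
        if not row["owner"]:
            findings.append("no owner")
        if not row["last_used"]:
            findings.append("never used")
        else:
            idle = (today - date.fromisoformat(row["last_used"])).days
            if idle > stale_days:
                findings.append(f"idle {idle} days")
                if granted & LONG_LIVED:
                    findings.append("idle app holds long-lived token")
        if findings:
            report[name] = findings
    return report

print(audit_connected_apps(INVENTORY, APPROVED, date(2025, 8, 20)))
```

Apps that return no findings (here, Billing Bridge) are left out of the report, so the output is the review queue.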