Hundreds of Salesforce customers hit by yet another third-party vendor breach 완벽가이드
Hundreds of Salesforce customers hit by yet another third-party vendor breach
사이버보안 전문 정보
Salesforce said yet another breach involving a third-party vendor has compromised customers’ data, warning in a security advisory late Wednesday that it detected unusual activity in Gainsight applications connected to Salesforce customer environments. “Google Threat Intelligence Group is aware of mo
핵심 특징
고품질
검증된 정보만 제공
빠른 업데이트
실시간 최신 정보
상세 분석
전문가 수준 리뷰
상세 정보
핵심 내용
Salesforce said yet another breach involving a third-party vendor has compromised customers’ data, warning in a security advisory late Wednesday that it detected unusual activity in Gainsight applications connected to Salesforce customer environments. “Google Threat Intelligence Group is aware of more than 200 potentially affected Salesforce instances,” Austin Larsen, principal analyst at GTIG, told CyberScoop. The breach shares strong similarities to an expansive downstream attack spree that impacted more than 700 customers who integrated Salesloft Drift into Salesforce less than two months ago. The attacks targeting Gainsight, which bills itself as “customer success” software, and Salesloft Drift customer integrations with Salesforce are also linked to the same threat group or associated cybercriminals. “We assess this is likely the same threat cluster — ShinyHunters or UNC6240 — related to other recent campaigns targeting Salesforce instances, such as UNC6040,” Larsen said. Salesforce responded to both attacks by revoking access to tokens that allowed customers to connect the third-party services to their Salesforce environments
상세 분석
. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection,” Salesforce said in the advisory. “There is no indication that this issue resulted from any vulnerability in the Salesforce platform. The activity appears to be related to the app’s external connection to Salesforce.” The company did not say when or how it became aware of the unauthorized activity in customer environments. A Salesforce spokesperson did not provide additional details and said it will update its security page with more information and customer guidance as appropriate.
정리
Organizations impacted by the attack originating in Gainsight’s Salesforce connector are unknown, but the platform has about 1,000 customers, including many well-known enterprises and technology firms. Gainsight issued its first public alert about Salesforce connections failures on its status page late Wednesday. “We continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications,” the company said in an update Thursday. The company said the Gainsight app has also been “temporarily pulled” from the Hubspot Marketplace, a move that may impact OAuth access for customer connections with that platform. “No suspicious activity related to Hubspot has been observed at this point
자주 묻는 질문
Q. 어떤 정보를 제공하나요?
A. 사이버보안 관련 최신 정보를 제공합니다.
Q. 신뢰할 수 있나요?
A. 검증된 출처만 선별합니다.
Q. 더 궁금한 점은?
A. 댓글로 문의하세요.
원문 출처
이 글은 원본 기사를 참고하여 작성되었습니다.