Google says hackers stole data from 200 companies following Gainsight breach

Hackers steal data from 200 companies after the Gainsight breach, showing how a single third-party security failure can impact many large businesses at once.

Many people think big companies are always safe from hackers. But this week proved that even the biggest companies can face trouble. Google says hackers stole data from 200 companies following the Gainsight breach. This is a very serious case because it did not affect only one company. It touched hundreds of businesses at the same time and it happened through a third party that many companies trusted.

In this post, I will explain what happened in simple words, why this happened, who is behind it, and what this means for companies that use cloud tools like Salesforce and Gainsight. The aim of this post is to help anyone understand the situation, even if they are not tech experts.

What really happened

Google says hackers stole data from 200 companies following the Gainsight breach. This problem started when cybercriminals were able to break into apps made by Gainsight. Gainsight is a software company that builds customer support tools that many large companies use. These apps connect directly to Salesforce accounts.

Because the apps connect deeply with Salesforce, many companies allow Gainsight to access parts of their data. These connections use special keys called access tokens. When hackers steal these tokens, they can access the same data that the app can see. This is what happened here.

Salesforce later confirmed that some customer data stored on its platform was stolen. The stolen data did not come from a weakness in Salesforce itself. Instead, the attackers got in through the apps made by Gainsight. This is why this kind of problem is called a supply chain attack. Hackers do not attack the big company first. They attack a smaller partner that has access to the big company’s data.

Who is behind the attack

The hackers behind this attack are part of a large group known online as Scattered Lapsus Hunters. This group also includes other well-known gangs such as ShinyHunters and Lapsus. These groups have been active for years and have attacked many famous companies in the past.

They use simple tricks that target workers inside companies. Sometimes they trick employees into sharing passwords. Sometimes they pretend to be staff from the same company and request access. Once they get access, they move quickly and steal as much data as they can.

After Google said that hackers stole data from 200 companies following the Gainsight breach, this group quickly claimed responsibility on a public Telegram channel. They said they were behind the attack and even listed companies that they claim were affected, such as Atlassian, LinkedIn, DocuSign, GitLab, Malwarebytes, SonicWall, Thomson Reuters, and Verizon.

Some companies confirmed that they were looking into the situation. Others said the hacker claims are not proven. In a few cases, companies said they were not affected. Still, the scale of the attack is very large.

How the hackers first got in

The hackers did not start with Gainsight. They first targeted another company called Salesloft. Salesloft has a product called Drift, which uses AI and chatbots. Many companies use Salesloft Drift with Salesforce. During that earlier attack, the hackers stole authentication tokens from users of Drift. Once they had these tokens, they could enter connected Salesforce systems.

Gainsight was one of the companies using Drift. Because Gainsight was a customer of Drift, it was also affected. Once hackers entered Gainsight systems, they were able to reach the data of many Gainsight customers who used Gainsight apps inside Salesforce. This gave hackers access to a large amount of data across more than 200 companies.

This shows how one small weakness in one part of a long chain can cause a very big problem.

How Salesforce and Gainsight responded

After Salesforce saw strange activity, the company quickly removed all active access tokens that were connected to Gainsight apps. This means Gainsight apps could not talk to Salesforce anymore. Salesforce also removed the apps from its marketplace while the investigation continued.

Gainsight released updates explaining that the attack came from an external connection, not from the Salesforce platform itself. They also said they are working with Mandiant, a well-known cybersecurity team from Google, to understand the attack and stop any further damage.

Google says hackers stole data from 200 companies following the Gainsight breach, but the full list of affected companies has not been made public.

Why this matters for every company

This breach is a wake-up call for all companies that use cloud tools or third-party apps. Many businesses trust software partners to handle data, but they sometimes forget that a partner is only as strong as its weakest point.

A single broken link in the chain can expose hundreds of companies. Even if your own systems are strong, your partner’s systems may not be.

This is why companies need to check the security of all apps they use, not only the main platform. They also need to track tokens, review access every few months, and remove connections that are no longer needed.
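
The token review described above can be automated. The sketch below is an added example, not code from Salesforce, Gainsight or the original post: it reads a constructed export of connected-app token grants and flags the ones to revoke or review. The app names, column names, scope labels, allow-list and 90-day threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export of OAuth grants for connected apps. The column
# names and app names are assumptions for this example, not a real schema.
SAMPLE_EXPORT = """app_name,user,scopes,created,last_used
SupportSuite,svc-integration,api refresh_token,2023-02-10,2025-11-18
ChatWidget,svc-chatbot,api refresh_token full,2022-06-01,2025-08-15
OldSurveyTool,j.doe,api,2021-03-12,2024-01-05
ReportingAddon,a.lee,api refresh_token,2025-01-20,
"""

APPROVED_APPS = {"SupportSuite", "ReportingAddon"}  # hypothetical allow-list
BROAD_SCOPES = {"full"}    # scope labels treated as over-privileged (assumed)
MAX_IDLE_DAYS = 90         # one reading of "review access every few months"


def review_tokens(export_text, today, approved=APPROVED_APPS,
                  max_idle_days=MAX_IDLE_DAYS):
    """Return (app, user, reasons) for every grant that needs action."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        reasons = []
        if row["app_name"] not in approved:
            reasons.append("app not on approved list")
        if BROAD_SCOPES & set(row["scopes"].split()):
            reasons.append("over-broad scope")
        if not row["last_used"]:
            # A token that was issued but never used is a connection
            # nobody needs, yet it is still valid if stolen.
            reasons.append("never used")
        else:
            idle = (today - date.fromisoformat(row["last_used"])).days
            if idle > max_idle_days:
                reasons.append(f"idle {idle} days")
        if reasons:
            findings.append((row["app_name"], row["user"], reasons))
    return findings


if __name__ == "__main__":
    for app, user, reasons in review_tokens(SAMPLE_EXPORT, date(2025, 11, 24)):
        print(f"REVIEW/REVOKE {app} ({user}): {', '.join(reasons)}")
```

Run against a real export on a schedule, the same checks give a short list of tokens to revoke instead of a full inventory to read by hand.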

The Bottom Line

Google says hackers stole data from 200 companies following the Gainsight breach. This is one of the biggest supply chain attacks of the year, and it shows that cybercriminals are focusing more on companies that offer software to other companies. These third-party tools are becoming bigger targets because one attack can give hackers access to many businesses at once.

The tech world will continue to investigate this case, but one thing is clear. Companies need stronger security checks for third-party apps and must prepare better for supply chain risks. Even the biggest platforms can be affected if one small partner is compromised.
