Salesforce Cuts Off Gainsight App Access After Detecting Data Exposure Risk—Mandiant Launches Investigation - Salesforce (NYSE:CRM)
Benzinga·2025-11-21 08:07

Core Insights

- Salesforce has halted access to several Gainsight-published applications due to suspicious activity that may have allowed unauthorized access to customer data, prompting an investigation by cybersecurity firm Mandiant [1][2]
- The unusual behavior was linked to external connections of the Gainsight applications rather than any flaws within Salesforce's systems [2][3]
- Salesforce revoked all active access and refresh tokens associated with Gainsight applications and temporarily removed them from the AppExchange during the investigation [3]

Company Actions

- Salesforce stated that its review shows no evidence of vulnerabilities within its platform, emphasizing that the issue originated from the external connections of the applications [3][4]
- Gainsight is collaborating with Salesforce and has engaged Mandiant to conduct a comprehensive forensic investigation into the matter [4]

Industry Context

- This incident highlights a growing trend of risks associated with third-party applications connected to major enterprise platforms, as noted by cybersecurity experts [5]
- The trend indicates that attackers are increasingly targeting integrated tools that already have privileged access, bypassing core platforms [5]