Google has confirmed that hackers have stolen the Salesforce-stored data of more than 200 companies in a large-scale supply chain hack.
On Thursday, Salesforce disclosed a breach of “certain customers’ Salesforce data” — without naming affected companies — that was stolen via apps published by Gainsight, which provides a customer support platform to other companies.
In a statement, Austin Larsen, the principal threat analyst of Google Threat Intelligence Group, said that the company “is aware of more than 200 potentially affected Salesforce instances.”
After Salesforce announced the breach, the notorious and somewhat-nebulous hacking group known as Scattered Lapsus$ Hunters, which includes the ShinyHunters gang, claimed responsibility for the hacks in a Telegram channel, which TechCrunch has seen.
The hacking group claimed responsibility for hacks affecting Atlassian, CrowdStrike, Docusign, F5, GitLab, Linkedin, Malwarebytes, SonicWall, Thomson Reuters, and Verizon.
Contact Us
Do you have more information about these Salesforce and Gainsight data breaches? Or other data breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
Google would not comment on specific victims.
CrowdStrike’s spokesperson Kevin Benacci told TechCrunch in a statement that the company is “not affected by the Gainsight issue and all customer data remains secure.” CrowdStrike confirmed to TechCrunch that it terminated a “suspicious insider” for allegedly passing information to hackers.
TechCrunch reached out to all the companies mentioned by Scattered Lapsus$ Hunters.
Verizon spokesperson Kevin Israel said in a statement that “Verizon is aware of the unsubstantiated claim by the threat actor,” without providing evidence for this claim.
Malwarebytes spokesperson Ashley Stewart told TechCrunch that the company’s security team is “aware” of the Gainsight and Salesforce issues and “actively investigating the matter.”
A spokesperson for Thomson Reuters said the company is “actively investigating.”
Michael Adams, the chief information security officer at Docusign told TechCrunch in a statement that “following a comprehensive log analysis and internal investigation, we have no indication of Docusign data compromise at th …