Salesforce customers via Gainsight-published applications
November 8, 2025
•[ data leak, supply chain attack, API abuse ]
A large-scale supply-chain campaign abused OAuth tokens linked to Gainsight-published applications integrated with Salesforce, enabling unauthorized API calls that accessed certain customers Salesforce data; according to Salesforce and multiple security advisories, suspicious activity began around November 8, 2025, and may have affected more than 200 Salesforce instances before tokens were revoked and the apps were pulled from the AppExchange.
