Find notable cyber news and cases, enriched with sources, timelines, and signals.

Salesforce hit by network compromise

Incident
First reported
Last updated
Happening score
H score 81
2 unique sources, 2 articles

Summary

Hide ▲

Salesforce revoked refresh tokens and temporarily removed Gainsight-published applications after detecting unusual activity that may have enabled unauthorized access to certain customers' Salesforce data. The issue appears tied to the apps' external connection rather than a flaw in the CRM platform, and the investigation is ongoing. Impacted customers were notified while Salesforce continued containment.

Related Happenings

Klue Battlecards app Salesforce customer data leak

Data Leak
H score41 First: 19.06.2026 12:03 Last: 19.06.2026 12:03 Sources 1

About this happening: A **Klue**-related **Salesforce** data leak on **June 12** exposed customer records after an attacker used a **compromised legacy credential** to obtain **OAuth tokens** from Klue...

Latest development: 20.06.2026 01:31

Icarus publicly claimed responsibility on its data leak site for the Klue-related Salesforce data theft and pressured Klue and affected organizations to contact the group through Session to avoid publication of stolen data. The same campaign was also tied to additional victims including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity, with most reporting theft from Salesforce instances rather than compromise of their core platforms or infrastructure.

Optimizely hit by network compromise

Incident
H score38 First: 23.02.2026 20:04 Last: 23.02.2026 20:04 Sources 1

About this happening: **Optimizely** confirmed a **voice-phishing breach** that exposed **basic business contact information**, creating a limited but real follow-on phishing risk. The intrusion touche...

Rising encryptionless extortion incidents against enterprises in 2025

Trend
H score27 First: 15.01.2026 17:45 Last: 15.01.2026 17:45 Sources 1

About this happening: **Encryptionless extortion** surged in **2025** as attackers increasingly skipped ransomware encryption and instead stole data to pressure victims across **enterprise environments...

ShinyHunters Salesforce extortion campaign against global companies in 2025

Campaign
H score84 First: 15.01.2026 17:45 Last: 15.01.2026 17:45 Sources 1

About this happening: The **ShinyHunters** campaign now includes a **Qantas** breach disclosed after the airline found a **June 30, 2025** intrusion in a **third-party platform** used by one customer s...

Gainsight hit by network compromise

Incident
H score18 First: 27.11.2025 09:03 Last: 27.11.2025 09:03 Sources 1

About this happening: Gainsight disclosed a **customer-impacting unauthorized access incident** in its **Salesforce-connected applications**, and the scope has expanded to more customers than first tho...

Timeline

  1. 20.11.2025 18:47 2 articles · 7mo ago

    Salesforce identifies unusual activity in Gainsight-published applications

    Initial Disclosure

    Salesforce identified unusual activity involving Gainsight-published applications connected to its CRM environment, assessed that the activity may have enabled unauthorized access to certain customers' Salesforce data through the app connection, revoked active access and refresh tokens, temporarily removed the applications from AppExchange, and notified impacted customers.

    Show sources