Salesforce Data Drama: Gainsight OAuth Apps Under Siege by ShinyHunters

Salesforce has raised the alarm on suspicious activity in Gainsight-linked OAuth apps, hinting at unauthorized access to some customers’ data. The company swiftly revoked all app tokens and pulled the apps from AppExchange, emphasizing it’s not a platform flaw but an external connection issue. Stay alert, folks!

3P
Published: November 21, 2025 10:32 amAdded: November 21, 2025 at 3:01 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like Gainsight’s OAuth apps got a little too friendly with Salesforce data and invited some unwanted guests to the party. Who knew app connections could be such social butterflies? Time to revoke those tokens and send them to app-rehab!

Key Points:

  • Salesforce detected unusual activity in Gainsight-linked OAuth apps.
  • Tokens were revoked and apps removed from AppExchange as a precaution.
  • No vulnerabilities in Salesforce itself were found; issue stems from external connections.
  • ShinyHunters, a group with a history of targeting Salesforce, is suspected.
  • Gainsight was also affected in a previous attack on Salesloft Drift.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?