Salesforce announced Wednesday that it is investigating a breach of “Salesforce data for certain customers” through an app published by Gainsight, which sells a platform for other companies to manage their customers.
In a notice published late Wednesday, Salesforce said the hack involved “Gainsight published applications connected to Salesforce that are installed and managed directly by customers.”
Salesforce said there is “no indication that this issue is due to a vulnerability in the Salesforce platform” and that the activity appears to be related to Gainsight's “external connections to Salesforce.”
When asked for comment, Salesforce spokesperson Nicole Aranda directed TechCrunch to the company's page featuring the incident.
Contact Us Do you have more information about the Salesforce and Gainsight data breach? Or any other data breach? You can contact Lorenzo Franceschi-Bicchierai securely from your non-work device on Signal (+1 917 257 1382), on Telegram and Keybase @lorenzofb, or by email. You can also contact TechCrunch via SecureDrop.
As of this writing, Gainsight said on its status page that it was investigating “Salesforce connectivity issues,” but made no mention of a possible breach. “Our internal investigation is ongoing,” Gainsight wrote.
A Gainsight spokesperson did not immediately respond to TechCrunch's request for comment.
Gainsight advertises several enterprise customers on its website, including Airtable, Notion, GitLab, and more. When contacted via email, GitLab spokesperson Emily James told TechCrunch that Gitlab's “security team is investigating and will contact you if we have more to share.”
tech crunch event
San Francisco | October 13-15, 2026
Prolific hacker collective ShinyHunters told cybersecurity news website DataBreaches.net that it was behind the breach, adding that if Salesforce did not negotiate with them, they would create a new website advertising the stolen data. This is a common extortion tactic by financially motivated cybercriminals.
“Next [data leak site] “It contains data from Salesloft and GainSight campaigns,” the hackers told DataBreaches.net, claiming they stole data from nearly 1,000 companies.
This data breach appears similar to an August breach at AI marketing chatbot maker Salesloft. The breach allowed hackers to infiltrate numerous customers' connected Salesforce instances and steal sensitive data such as access tokens for other services. Victims included insurance giant Allianz Life, Bugcloud, Cloudflare, Google, fashion conglomerate Kering, Proofpoint, airline Qantas, automaker Stellantis, credit reporting company TransUnion, and employee management platform Workday.
In the case of the Salesloft breach, the hacker group Scattered Lapsus$ Hunters, which apparently includes the ShinyHunters gang, claimed responsibility.
Last month, the hackers launched a website dedicated to blackmailing victims of the breach, where they threatened to release 1 billion records.
At the time, Gainsight acknowledged that it was among the victims of Salesloft-related breaches, but it was unclear whether this new wave of hacks stemmed from previous breaches.