Salesforce is investigating unusual activity involving applications published by Gainsight, a customer success software provider integrated with Salesforce. Salesforce has notified affected customers, stated there is no evidence of a vulnerability in the Salesforce platform itself, and believes the activity is tied to Gainsight-published applications installed and managed directly by customers. In response, Salesforce revoked all active access and refresh tokens for these applications and temporarily removed them from the AppExchange. On November 20, Gainsight acknowledged connection failures for the Gainsight SFDC Connector related to this incident but has not provided further details. As Salesforce continues its investigation, Arctic Wolf will closely monitor the situation and alert customers if any malicious activity is identified. Learn more in our latest security bulletin: https://lnkd.in/gg_QgY5D
