Gainsight CEO Chuck Ganapathi assured customers in a blog post published Tuesday that the company was actively working with Salesforce and third-party forensic experts to respond to a supply chain attack last week that enabled hackers to access customer data.
Salesforce last week disabled its connection with Gainsight, revoking all active and refresh tokens that were connected to Gainsight-published applications.
Ganapathi said in the blog post that the company has been in regular contact with customers, has held town halls, and has stood up a team of specialists to manage CS instances while the Salesforce app connection is offline.
“We know how critical Gainsight is to your daily operations and we personally take the responsibility for ensuring you have access to our products,” Ganapathi said in the blog post.
Ganapathi said that while Salesforce has identified compromised customer tokens, Gainsight is aware of “only a handful” of customers that had their data affected by the breach. Mandiant, the incident response arm of Google Threat Intelligence Group, has been working with the companies to investigate the breach.
Last week researchers said they were investigating more than 200 cases related to the breach, which was claimed by the hacking group ShinyHunters. It is not immediately clear how to reconcile the 200 cases with the “handful” of customers with confirmed data impacts.
Researchers said the hackers claimed to have much larger numbers of impacted cases.
The incident comes about three months after a similar attack, where Salesforce customers were targeted through their connections with Salesloft Drift. That attack was linked to the compromise of the Salesloft Drift GitHub account, which occurred between March and June of this year.
Gainsight previously confirmed that integrations with other applications, including Zendesk and HubSpot, have been paused as a precaution.
