Incident Details: Unauthorized Access via Compromised Account
Gainsight, a customer success and product experience software company, reported a security incident that resulted in unauthorized access to some of its customers’ Salesforce instances. The company announced that a threat actor gained access by using stolen credentials belonging to a Gainsight support user. This access allowed the unauthorized party to view and potentially exfiltrate data from a limited number of customer Salesforce instances connected through the Gainsight application.
The malicious activity took place between December 5 and December 21, 2023. Gainsight discovered the unauthorized access on December 21, 2023. The company has stated that the incident was not the result of a vulnerability within its own products but was specifically due to the compromise of a support user’s credentials.
Company Response and Mitigation Efforts
Upon discovering the breach, Gainsight took immediate action to contain the threat. The company disabled the compromised support user’s account to prevent further unauthorized access. It also began notifying all affected customers directly about the incident and the potential data exposure.
In response to the attack, Gainsight has since enforced phishing-resistant multi-factor authentication (MFA) for all of its employees to strengthen its internal security posture. It has also rotated credentials for all of its privileged accounts as an additional precaution.