Google has confirmed a significant supply chain hack that resulted in hackers stealing data from over 200 companies stored on the Salesforce platform. The breach, initially disclosed by Salesforce, involved data being stolen via apps from Gainsight, a customer support platform provider.
According to Austin Larsen from the Google Threat Intelligence Group, more than 200 Salesforce instances were potentially affected by this breach. Following Salesforce’s announcement, the hacking group Scattered Lapsus$ Hunters claimed responsibility for the attacks, targeting companies like Atlassian, CrowdStrike, Docusign, F5, GitLab, LinkedIn, Malwarebytes, SonicWall, Thomson Reuters, and Verizon.
CrowdStrike, one of the affected companies, confirmed that they were not impacted by the Gainsight issue and assured the security of all customer data. They also revealed terminating a ‘suspicious insider’ for allegedly aiding the hackers.
While Google did not specify the full list of victims, the breach underscores the importance of robust cybersecurity measures in supply chain management and the ongoing threats faced by companies relying on third-party services for data storage.
Source: TechCrunch