On Telegram, the hacker collective “Scattered Lapsus$ Hunters,” which includes the notorious ShinyHunters gang, took credit. Atlassian, CrowdStrike, DocuSign, LinkedIn, and Verizon were among the well-known targets they mentioned. Despite the hackers’ assertions, a number of businesses have resisted. Despite disclosing that it had fired a “suspicious insider,” CrowdStrike claimed to be unaffected. DocuSign discontinued Gainsight integrations out of caution even though there was no evidence of data compromise at this time. Verizon also rejected the allegations as “unsubstantiated.” Gainsight has acknowledged that it fell prey to a previous security effort that targeted Salesloft’s Drift platform. TechCrunch was notified by the hacker collective ShinyHunters that they used this first leak to undermine Gainsight.
In particular, they were able to retrieve content by redirecting to associated Salesforce instances after stealing login keys. Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precaution, although it insists that this incident was not caused by a vulnerability within its own platform. Gainsight is currently doing a forensic examination in collaboration with Mandiant, Google’s incident response team. In order to extort the victims of this campaign, the hackers have also revealed plans to build a dedicated website next week. This is consistent with the group’s past use of social engineering to target big businesses like Coinbase and MGM Resorts.
