Massive Supply Chain Hack: Hackers Steal Data from Over 200 Companies
Google has confirmed that hackers have stolen the Salesforce-stored data of more than 200 companies in a large-scale supply chain hack. The breach, which was first disclosed by Salesforce, involved apps published by Gainsight, a customer support platform provider. According to Austin Larsen, the principal threat analyst of Google Threat Intelligence Group, “more than 200 potentially affected Salesforce instances” have been identified.
The notorious hacking group known as Scattered Lapsus$ Hunters, which includes the ShinyHunters gang, has claimed responsibility for the hacks in a Telegram channel. The group has listed several high-profile companies, including Atlassian, CrowdStrike, Docusign, F5, GitLab, LinkedIn, Malwarebytes, SonicWall, Thomson Reuters, and Verizon, as victims of the hack.
Companies Respond to the Breach
CrowdStrike’s spokesperson Kevin Benacci stated that the company is “not affected by the Gainsight issue and all customer data remains secure.” However, the company did terminate a “suspicious insider” for allegedly passing information to hackers. Malwarebytes spokesperson Ashley Stewart said that the company’s security team is “aware” of the Gainsight and Salesforce issues and is “actively investigating the matter.”
Verizon acknowledged receipt of a request for comment, but none of the other companies mentioned by Scattered Lapsus$ Hunters responded to requests for comment. Google declined to comment on specific victims, citing its policy of not disclosing information about individual companies.
How the Hackers Gained Access
According to the ShinyHunters group, they gained access to Gainsight thanks to their previous hacking campaign that targeted customers of Salesloft, which provides an AI and chatbot-powered marketing platform called Drift. The hackers stole Drift authentication tokens from those customers, allowing them to break into their linked Salesforce instances and download their contents.
Gainsight confirmed that it was among the victims of that hacking campaign. The company has been publishing updates about the incident on its incident page and is working with Google’s incident response unit Mandiant to help investigate the breach.
Extortion and Investigation
Scattered Lapsus$ Hunters plans to launch a dedicated website to extort the victims of its latest campaign by next week. This is the group’s modus operandi; in October, the hackers also published a similar extortion website after stealing victims’ Salesforce data in the Salesloft incident.
Scattered Lapsus$ Hunters is a collective of English-speaking hackers made up of several cybercriminal gangs, including ShinyHunters, Scattered Spider, and Lapsus$. The group has claimed several high-profile victims, such as MGM Resorts, Coinbase, DoorDash, and more.