Salesforce Cuts Off Gainsight App Access After Detecting Data Exposure Risk—Mandiant Launches Investigation

Author: Ananya Gairola | November 21, 2025 03:07am

On Thursday, Salesforce (NYSE:CRM) halted access to several Gainsight-published applications after detecting suspicious activity that may have allowed unauthorized access to customer data, prompting a deeper investigation led by cybersecurity firm Mandiant.

Salesforce Revokes Tokens, Removes Apps

In a statement, Salesforce said it observed "unusual" behavior tied to Gainsight applications that connect to its platform and warned customers that the activity may have enabled outside access to certain data.

The company stressed that the issue stemmed from the apps' external connections rather than any flaw in Salesforce's systems.

Upon detecting the activity, Salesforce revoked all active access and refresh tokens associated with Gainsight-published applications connected to Salesforce and temporarily removed those applications from the AppExchange while our investigation continues," Salesforce said in a statement.

The company added that its review shows no evidence of any vulnerability in the Salesforce platform.

See Also: Jensen Huang Says Being A CEO Is About ‘Sacrifice': Nvidia Chief Credits His Mother For Preparing Him For The Road Ahead: She Told Me I Was ‘Special'

Gainsight Engages Mandiant

Gainsight also said on its website that it is working closely with Salesforce and has brought in Mandiant to lead a "comprehensive, independent forensic investigation."

"Our current findings indicate that the activity under investigation originated from the applications' external connection — not from any issue or vulnerability within the Salesforce platform," the company said.

Part Of A Growing Trend In Third-Party App Risks

The incident follows warnings about attacks targeting third-party tools connected to major enterprise platforms, including separate cases involving Oracle Corp (NYSE:ORCL) and Salesforce customer environments.

Jaime Blasco, cofounder of Nudge Security, took to LinkedIn and noted that this reflects a growing trend in which attackers bypass core platforms by targeting integrated tools that already hold privileged access.

Benzinga's Edge Stock Rankings indicate that Salesforce is trending lower in the short, medium and long term. Click here to see how its performance stacks up against industry peers.

Read Next:

• David Tepper's Hedge Funds Bets On AMD, Nvidia In Q3, Takes Profits On Intel

Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.

Photo courtesy: NYCStock / Shutterstock.com

Posted In: CRM ORCL