ShinyHunters ‘does not like Salesforce at all,’ claims the crew accessed Gainsight 3 months ago www.theregister.com/2025/11/2…
EXCLUSIVE ShinyHunters has claimed responsibility for the Gainsight breach that allowed the data thieves to snarf data from hundreds more Salesforce customers.
In messages sent to The Register, a member of the extortionist crew said they gained access to Gainsight during the Salesloft Drift hack earlier this year: “We’ve had access to Gainsight for nearly 3 months.” Gainsight is a customer success platform that also integrates with Salesforce and several other CRMs, including HubSpot, as well as support tools like Zendesk.
Google Threat Intelligence Group’s principal analyst Austin Larsen previously told The Register that the breach “is likely related to UNC6240 (aka ShinyHunters),” and that Google is “aware of more than 200 potentially affected Salesforce instances.” And, according to ShinyHunters, it dates back to the crooks gaining access to the Salesloft GitHub account.
