ISO, SOC2 Type 1, SOC2 Type 2, PCI DSS, HIPAA, GDPR

At Gainsight, our mission is to be living proof you can win in business while being human first. Gainsight, the world’s leading Customer Success platform, helps businesses drive efficient growth by unifying the post-sales customer journey. Our innovative suite of solutions—including customer success, customer education, product experience, community management, and conversational AI insights—is trusted by companies of all sizes and industries, including nearly 200 publicly traded organizations. With Gainsight, businesses can leverage AI-driven insights from real-time customer interactions to enhance engagement, improve retention, and drive expansion. Our platform makes it easier for customer success, product, and community teams to scale efficiently and gain a holistic view of their customers, driving product adoption and building thriving customer communities. Gainsight joined the Vista Equity Partners portfolio in 2020. In 2021, we won their Excellence in Engineering award in recognition of our product and engineering advancements. A remote-friendly company, we have offices in the US, UK, Netherlands, Israel, and India. Gainsight received the top spot in Glassdoor's Best Places to Work for 2023. It has also been named as one of the top 100 private cloud companies in the world by Forbes, one of the fastest-growing private companies in America by Inc. Magazine, and one of 20 Great Workplaces in Tech by Fortune Magazine.

Gainsight A.I CyberSecurity Scoring

Gainsight

Company Details

Linkedin ID:

gainsight

Employees number:

1,099

Number of followers:

158,852

NAICS:

5112

Industry Type:

Software Development

Homepage:

gainsight.com

IP Addresses:

Scan still pending

Company ID:

GAI_2637636

Scan Status:

In-progress

Gainsight Risk Score (AI oriented)

Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium
Gainsight Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Gainsight

Critical
Current Score
455
C (Critical)
4 incidents
-85.5 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

JANUARY 2026
456
DECEMBER 2025
447
NOVEMBER 2025
506
Breach
24 Nov 2025 • Salesforce
Salesforce Data Breach: ShinyHunters Hack via Gainsight Integration

The **Salesforce data breach** involved the **ShinyHunters (UNC6240) hacking group**, which exploited stolen **OAuth tokens** from **Salesloft’s GitHub account** to infiltrate **Drift’s Salesforce integration** and subsequently compromise **Gainsight**, a customer process management platform. The attackers gained unauthorized access to **over 200 Salesforce instances**, exfiltrating enterprise customer data through third-party service integrations (including **HubSpot and Zendesk**). While Salesforce revoked access keys and removed affected apps from the **AppExchange**, the breach exposed sensitive customer data, though the full scope of the leak remains undisclosed. The attack leveraged **supply-chain vulnerabilities** rather than a direct Salesforce platform flaw. ShinyHunters claimed delayed detection (1–2 weeks post-intrusion) and sought internal accomplices for further exploitation. Salesforce refused ransom demands, but the incident highlights risks in **third-party integrations** and **credential-based attacks**.

444
critical -62
GAI1122911112425
Data Breach; Unauthorized Access; Supply Chain Attack
Stolen OAuth Tokens; Third-Party Integration Exploitation (Drift, Gainsight); GitHub Account Compromise
Weak OAuth Token Security; Third-Party Application Misconfiguration
Data Theft; Extortion; Financial Gain; Espionage
Salesforce Instances (200+); Gainsight; Salesloft; Drift; HubSpot; Zendesk; Temporary Disruption of Gainsight Apps on Salesforce AppExchange; Limited Functionality of HubSpot/Zendesk Connectors; Revocation of Access Keys; Removal of Gainsight Apps from AppExchange; Internal Reviews by Affected Companies; Potential Erosion of Trust in Salesforce Ecosystem; Negative Publicity for Gainsight, HubSpot, Zendesk; High (Enterprise Customer Data Exposed)
Google Mandiant (Threat Intelligence); Revoked OAuth Tokens; Removed Gainsight Apps from AppExchange; Limited HubSpot/Zendesk Connector Functionality; Internal Reviews by Affected Companies; Token Rotation; Public Disclosure via Media (Redazione RHC); No Direct Comment from Salesforce on Specifics; Google Threat Intelligence Group Analysis
Enterprise Customer Data; CRM Records; Integration Logs; Sensitivity of Data: High (Potential PII, Business-Critical CRM Data); Personally Identifiable Information: Likely (Enterprise Customer Data)
OAuth token security requires stricter rotation and monitoring. Third-party integrations introduce significant supply chain risks. Delayed detection (1–2 weeks) highlights gaps in anomaly monitoring. Collaboration with threat intelligence firms (e.g., Mandiant) is critical for attribution.
Implement multi-layered authentication for third-party OAuth tokens. Conduct regular audits of integration partners’ security postures. Enhance real-time monitoring for unauthorized access patterns. Establish clear incident response protocols for supply chain breaches. Publicly disclose breaches transparently to maintain customer trust.
Ongoing (Led by Google Mandiant)
No Direct Communication Mentioned
Salesforce Revoked Access Keys; Gainsight/HubSpot/Zendesk Limited Connector Functionality
Compromised Salesloft GitHub Account; Stolen OAuth Tokens for Drift Integration; Reconnaissance Period: Several Months (Undetected for 1–2 Weeks Post-Intrusion); Salesforce CRM Data; Gainsight Customer Process Management Platform
Inadequate OAuth Token Security in Third-Party Integrations (Drift, Gainsight). Lack of Real-Time Monitoring for Anomalous Access Patterns. Supply Chain Vulnerabilities via GitHub Account Compromise. Token Revocation and Rotation Across Affected Systems. Removal of Vulnerable Apps from AppExchange. Engagement of Threat Intelligence (Mandiant) for Attribution.
OCTOBER 2025
502
SEPTEMBER 2025
497
AUGUST 2025
645
Breach
01 Aug 2025 • Gainsight
Gainsight Unauthorized Salesforce Data Access via Stolen OAuth Tokens

The incident at **Gainsight** stemmed from a downstream effect of the **August 2025 Salesloft breach**, where the **Scattered Lapsus$ Hunters** group stole **OAuth tokens** tied to Salesloft’s Drift AI chat integration with Salesforce. These tokens granted unauthorized API access to **760 Salesforce instances**, leading to the exfiltration of **1.5 billion records**, including passwords, AWS keys, and Snowflake tokens. A subgroup, **ShinyHunters**, exploited the stolen credentials to breach **Gainsight’s systems**, extracting **customer contact data** (names, business emails, phone numbers, regional details), **licensing information**, and **support case contents**. Salesforce responded by **revoking all active Gainsight-associated tokens** and **temporarily removing its apps from the AppExchange** to mitigate further exposure. While Salesforce clarified that its platform itself was not vulnerable, the breach originated from **Gainsight’s external app connections**, compromising sensitive corporate and customer data across hundreds of organizations.

487
critical -158
GAI0292402112125
Data Breach; Unauthorized Access; Credential Theft
Stolen OAuth Tokens; API Abuse; Supply Chain Attack
Weak or Stolen OAuth Token Management (External App Connection to Salesforce)
Data Theft; Financial Gain (Potential Dark Web Sale); Reputation Damage
Salesforce Instances (760 in Salesloft breach); Gainsight-published Applications; Token Revocation; AppExchange Removal; Customer Notifications; Loss of Trust; Negative Publicity; Business Contact Details Exposed
Token Revocation (OAuth/Refresh Tokens); AppExchange Removal; Customer Notifications; Investigation; Direct Customer Notifications; Public Statement
Business Contact Details (Names, Emails, Phone Numbers); Licensing Information; Support Case Contents; Regional/Location Details; Passwords (Salesloft Breach); AWS Keys (Salesloft Breach); Snowflake Tokens (Salesloft Breach); 1.5 Billion (Salesloft Breach); Undisclosed (Gainsight Breach); Moderate to High (Business PII, Credentials, API Keys); Business PII (Names, Emails, Phone Numbers)
Ongoing (Customer Notifications in Progress)
Revoked Tokens; App Removal from AppExchange
Direct Notifications to Affected Customers
Entry Point: Stolen OAuth Tokens (Salesloft Drift Integration); Salesforce Customer Data; Gainsight Licensing Data; Likely (Historical ShinyHunters Behavior)
Weak OAuth Token Security (Salesloft); Supply Chain Vulnerability (Gainsight Apps Relying on Compromised Tokens); Insufficient API Access Controls
JULY 2025
645
JUNE 2025
703
Breach
05 Jun 2025 • Gainsight
Gainsight Data Breach Impacting Salesforce Customer Tokens

Gainsight, a customer management software firm, experienced a security breach that compromised a limited number of its clients' data. The incident was confirmed by CEO Chuck Ganapathi and involved the exposure of **Salesforce customer tokens**, which are critical for authentication and access control within Salesforce ecosystems. While the breach did not result in a large-scale data leak, the compromise of these tokens poses risks such as unauthorized access to customer accounts, potential phishing attacks, or further exploitation of linked systems. The breach highlights vulnerabilities in third-party integrations, particularly those tied to major platforms like Salesforce. Although the impact was contained to a subset of clients, the exposure of authentication tokens could lead to reputational damage for Gainsight, erosion of customer trust, and potential financial repercussions if affected clients face downstream security incidents. The company has not disclosed whether the breach was due to a targeted cyber attack, a vulnerability exploitation, or an internal misconfiguration, but the involvement of Salesforce tokens suggests a sophisticated intrusion method.

641
critical -62
GAI3653836120125
Data Breach
Salesforce customer tokens
Public Disclosure By: CEO Chuck Ganapathi
Salesforce customer tokens; Sensitivity of Data: High (authentication tokens)
MAY 2025
762
Breach
15 May 2025 • Gainsight
Gainsight Data Breach Impacting Salesforce Customer Tokens

Gainsight, a customer success management software firm, experienced a security breach that compromised a limited number of its clients' data. The incident was linked to the exposure of **Salesforce customer tokens**, which are critical for authentication and access within the Salesforce ecosystem. CEO Chuck Ganapathi confirmed that while the breach impacted Gainsight’s systems, only a subset of clients had their data compromised. The nature of the breach suggests unauthorized access to sensitive customer-related credentials, potentially enabling further exploitation if misused. Although the exact scope of the stolen data remains undisclosed, the involvement of Salesforce tokens indicates a risk of downstream attacks, such as unauthorized access to client accounts or systems integrated with Gainsight. The breach underscores vulnerabilities in third-party SaaS platforms and the cascading risks posed by credential-based attacks in enterprise software supply chains.

702
critical -60
GAI55104855112725
Data Breach
Salesforce customer tokens
Public Disclosure By: CEO Chuck Ganapathi
Salesforce customer tokens; Sensitivity of Data: High (authentication tokens)
Disclosed By: CEO Chuck Ganapathi; Scope: Limited number of clients affected
Salesforce customer tokens
APRIL 2025
762
MARCH 2025
762
FEBRUARY 2025
762

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Gainsight is 455, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 447.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 506.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 502.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 497.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 487.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 645.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 703.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 762.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 762.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 762.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 762.

Over the past 12 months, the average per-incident point impact on Gainsight’s A.I Rankiteo Cyber Score has been -85.5 points.

You can access Gainsight’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/gainsight.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Gainsight’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/gainsight.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.