Corrects name of cybersecurity expert cited in paragraph 7

By Raphael Satter

WASHINGTON, Nov 20 (Reuters) - Salesforce said Thursday it is investigating “unusual activity” involving Gainsight-published applications that may have exposed customer data.

In a brief statement published to its status portal, Salesforce said the Gainsight-published applications, which are installed and managed by customers "may have enabled unauthorized access to certain customers’ Salesforce data."

Salesforce said in its message that it had temporarily "revoked all active access" to Gainsight's applications. In an email, the company noted that, "There is no indication that this issue resulted from any vulnerability in the Salesforce platform."

Gainsight said on its website that "we continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications." Gainsight didn't immediately return an email for further comment.

Although Reuters could not establish the scope or nature of the incident, hackers have repeatedly exploited the integrations between software-as-service companies like Salesforce and Gainsight to steal data.

Last month, Alphabet's Google said that the exploitation of a weakness at Oracle's E-Business Suite of applications had likely impacted more than 100 companies. In June, Google said hackers had tricked employees of Salesforce clients into installing a modified version of Salesforce’s Data Loader, a proprietary tool used to bulk import files, and compromising their data.

Jaime Blasco, the cofounder of Nudge Security, said it was part of an emerging paradigm.

"Attackers don’t need to breach the core platform when they can compromise an integration with privileged access," he said in a post on LinkedIn. Speaking to Reuters, he said: "This is the new attack surface."

(Reporting by Raphael Satter; Editing by Diane Craft)

((raphael.satter@tr.com; +1 202 430 9389;))