ShinyHunters 'does not like Salesforce at all,' claims the crew accessed Gainsight 3 months ago

ShinyHunters has claimed responsibility for the Gainsight breach that allowed the data thieves to snarf data from hundreds more Salesforce customers. In messages sent to The Register, a member of the extortionist crew said they gained access to Gainsight during the Salesloft Drift hack earlier this year: "We've had access to …

  1. PRR Silver badge

    > they snooped around Drift's AWS environment and obtained OAuth tokens ... Salesforce detected the unauthorized activity "pretty quickly," about a week or two after the initial intrusion...

    Wait a sec. I thought OAuth was (allegedly) more secure than passwords. This sounds exactly as secure as posting my password file on my public server. And "a week" is a novel understanding of "pretty quickly". When I used to hack .MIL password files I had to get in and out in like 14 minutes.

    1. AnAnonymousCanuck

      OAuth Security

      It's not that the tokens are insecure in themselves. However, storing security tokens in a SCCS is negligence and has been considered so since at least the mid-80s (SCCS: Source Code Control System for the non-devs).

      YMMV

      AAC

  2. ecofeco Silver badge

    This is too funny

    Just too funny.

  3. may_i Silver badge

    Giving criminals a mouthpiece

    I don't agree with The Register giving these criminals a voice. It legitimises what they do.

    1. Anonymous Coward

      Re: Giving criminals a mouthpiece

      Most of what these criminals do is what every PCI/HIPAA/SOX/ISO-compliant company is required to do on a yearly basis, with the critical difference being that it's not simply a handful of Kali Linux probes and a 24 man-hour time budget.

      The criminals will identify every shortcut your administrators have taken, every security procedure they've glossed over, and every CVE they've ignored.

      If the criminals were to send you a contract that said "if you pay (insert typical Mandiant fee here) and sign this NDA, we will tell you exactly what we did and how we did it, and we will delete any of your data in our possession", would that make you happy? What if they offer to do it again next year for only 20% of that amount?

  4. TeeCee Gold badge
    Facepalm

    > ...started back in March...

    > ...on Wednesday said it "revoked all active access..."

    Did Salesforce bring in a specialist Post Equine Loss Door Security Operation Consultant to advise on their approach here?
