AWS Launches New Nova AI Models And a Service That Gives Customers More Control

Google Says Hackers Stole Data from 200 Companies: What Happened?

Google says hackers stole data from 200 companies following the Gainsight breach, raising urgent questions about how the attack unfolded, who is affected, and what risks businesses now face. Early reports confirm the breach stemmed from compromised Salesforce apps linked to Gainsight, enabling attackers to access sensitive data stored across multiple corporate Salesforce instances.

Image Credits:Interim Archives / Getty Images

How Did the Gainsight Breach Lead to Such Widespread Data Theft?

Google says hackers stole data from 200 companies after exploiting Gainsight’s integrations, creating a classic supply chain vulnerability. The breach enabled the Scattered Lapsus$ Hunters group—linked to ShinyHunters—to infiltrate a large set of Salesforce environments. By compromising the trusted Gainsight apps, attackers bypassed traditional security controls and gained access to customer records, internal business data, and potentially confidential client interactions.

Who Is Behind the Attacks and What Data Was Exposed?

According to Google, the hacking group publicly claimed responsibility shortly after Salesforce disclosed the incident. Google says hackers stole data from 200 companies by leveraging Gainsight app permissions, giving them visibility into a range of corporate datasets. While the exact contents vary by organization, early findings point to customer metadata, communication logs, account details, and operational information.

What Should Companies Do After Google Says Hackers Stole Data?

Cyber experts recommend that affected organizations rotate Salesforce app tokens, audit access logs, and notify impacted customers. Because Google says hackers stole data from 200 companies via a third-party breach, security teams are urged to reassess supply chain dependencies and strengthen monitoring on integrated SaaS tools. This incident also highlights the growing importance of zero-trust controls for cloud apps and automated anomaly detection to prevent similar attacks.