Saved February 14, 2026
Gainsight's CEO downplayed the effects of a recent attack that compromised some Salesforce customer tokens, claiming only a few clients were directly affected. Ongoing investigations by Gainsight and Mandiant are trying to determine the full scope of the breach and its impact on other third-party applications. Discrepancies in reported victim numbers highlight the confusion surrounding the incident.
Gainsight's CEO Chuck Ganapathi downplayed the impact of a recent attack that has affected Salesforce environments. An independent forensic investigation is underway to assess the breach's extent, particularly regarding how it may have spread to other third-party applications. According to Ganapathi, only a small number of customers have been impacted, with Salesforce notifying those affected. However, the details surrounding the attack remain unclear, as Gainsight and Salesforce are providing updates separately.
Salesforce initially identified three customers whose data was compromised but has since confirmed additional victims. Google’s Threat Intelligence Group reported that over 200 Salesforce instances could be affected. Inconsistent information is common in supply-chain attacks like this one, complicating the situation. Gainsight is working closely with Salesforce and Mandiant to identify affected parties and analyze the attack's mechanics. Mandiant is focused on reviewing logs and token behaviors to understand how attackers exploited access tokens to breach systems.
Gainsight’s chief customer officer, Brent Krempges, advised customers to rely primarily on Salesforce logs for investigation, stating that Gainsight's logs are less useful in assessing risks. He emphasized the importance of IP restrictions for API calls, a measure that requires collaboration among all vendors in the supply chain. Ganapathi committed to sharing lessons learned from the incident to help strengthen defenses within the SaaS community. This incident mirrors a previous attack that affected more than 700 customers using Salesloft Drift with Salesforce, highlighting ongoing vulnerabilities in integrated software environments.