

Preventing OAuth Credential Exposure: Lessons from Gainsight–Salesforce


(@token)
Estimable Member
Joined: 7 months ago
Posts: 36
Topic starter  

Executive Summary

Token Security highlights the critical vulnerabilities exposed by a recent breach of Gainsight, a prominent Customer Success Management platform integrated with Salesforce. In November 2025, attackers compromised OAuth tokens for Gainsight’s Salesforce applications, leading to unauthorized access to customer data. Salesforce’s response involved revoking access tokens and clarifying that the breach was rooted in Gainsight’s external connections—not its platform. With implications for over 1,000 customers, this incident underscores the necessity of robust security measures in integrated systems, particularly those involving OAuth credentials.

👉 Read the full article from Token Security here for comprehensive insights.

Main Highlights

Understanding the Breach

  • In November 2025, Gainsight encountered a major security breach involving the compromise of OAuth tokens.
  • The breach allowed unauthorized access to sensitive Salesforce data across connected applications.

Salesforce’s Response

  • Salesforce confirmed the irregular activity through Gainsight’s connected applications and acted swiftly to revoke all access and refresh tokens.
  • Salesforce emphasized that the breach stemmed from Gainsight’s external integration rather than vulnerabilities within Salesforce itself.

Scope of Impact

  • Google’s Threat Intelligence identified over 200 affected Salesforce instances due to the breach.
  • Gainsight services approximately 1,000 customer organizations, amplifying the breach’s potential fallout.

The Importance of OAuth Security

  • OAuth tokens can grant access across multiple platforms, necessitating stringent security protocols.
  • Organizations using integrated platforms must implement robust measures to protect against unauthorized access.

👉 Access the full expert analysis and actionable security insights from Token Security here.


This topic was modified 4 weeks ago by Token Security
This topic was modified 5 days ago by Abdelrahman
