If you thought the string of data breaches in 2025 couldn't get any worse, prepare yourself. On November 21, Google’s Threat Intelligence team dropped a bombshell: hackers stole customer data from more than 200 Salesforce instances through a compromised third-party app published by Gainsight, the popular customer-success platform. This isn’t some zero-day exploit in Salesforce itself (both Salesforce and Gainsight are adamant about that). It’s a classic supply-chain attack — the kind that keeps CISOs up at night — and it’s the second wave stemming from the same notorious hacking collective that’s been tormenting Salesforce customers all year.
