India, Nov. 21 -- Salesforce is looking into unusual OAuth activity associated with Gainsight integrations after observing behavior that might have revealed customer data. Initial indications suggest a deliberate effort on the part of a threat group responsible for previous SaaS-oriented attacks.

What started as the regular background traffic between Salesforce and a popular app in Gainsight has since developed into a full-blown security investigation. Salesforce confirmed unusual activity transiting through OAuth connections linked to applications published by Gainsight, and per the company, this behavior may have allowed unauthorized access to customer data through those integrations.

In step with observance, Salesforce removed access...