In an early morning advisory yesterday, Salesforce says it revoked refresh tokens linked to Gainsight-published applications while it investigates data theft and attacks targeting potentially hundreds of customers.

The company highlighted that the incident doesn’t originate from a vulnerability within its platform as all evidence is derived from malicious activity related to the Gainsight app’s external connection to Salesforce.

“Salesforce has identified unusual activity involving Gainsight-published applications connected to Salesforce, which are installed and managed directly by customers. Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection.

“Upon detecting the activity, Salesforce revoked all active access and refresh tokens associated with Gainsight-published applications connected to Salesforce and temporarily removed those applications from the AppExchange while our investigation continues,” Salesforce said in a Thursday morning advisory.

During the August 2025 Salesloft breach, “Scattered Lapsus$ Hunters” stole sensitive information from the customers of 760 companies using stolen OAuth tokens for Salesloft’s Drift AI chat integration with Salesforce, resulting in the theft of 1.5 billion Salesforce records.

Thursday, ShinyHunters told Bleeping Computer they gained access to 285 Salesforce instances after breaching Gainsight via data stolen in the Salesloft drift breach.

Gainsight did not say how its customers’ access tokens may have been compromised, but previously said it was also one of the Salesloft Drift customers impacted in the previous attacks.

Gainsight has an update and FAQ page for customer support, while Salesforce has alerted all impacted customers of this incident. 

John Carberry, Solution Sleuth, Xcape, Inc. had this to say:

   “Salesforce’s confirmation that over 200 organizations were exposed through misconfigured Gainsight apps is another sobering reminder that your biggest danger in the SaaS world is frequently someone else’s integration.

   “This incident demonstrates how long the tail of a supply-chain vulnerability can be. It builds immediately on the previous Salesloft/Drift breach, in which attackers allegedly stole OAuth tokens and are now utilizing that access to pivot into 285 Salesforce instances.

   “Technically, Salesforce did the right thing by removing all Gainsight-related tokens and removing the apps from the AppExchange, but for customers, this highlights an unsettling reality. Even if the core platform isn’t vulnerable, over-privileged third-party apps can still gain access to your CRM crown jewels.

   “This incident makes it abundantly evident that, even in cases when a core platform is secure, the broad permissions given to integrated applications that appear to be harmless continue to be the weakest link in the cloud ecosystem.

   “Moving forward, companies must handle linked apps as high-risk identities. Inventory them, give them the least privilege required, keep an eye on their activity, and be prepared to quickly revoke trust when anomalous behavior is detected. Attackers will have easy access to your client data if you don’t regularly examine your SaaS integrations and tighten OAuth scopes.

  “In 2025, the real zero day isn’t in your CRM; it’s in the third-party app you forgot was connected to it.”

Lydia Zhang, President & Co-Founder,Ridge Security Technology Inc. followed up with this:

   “It’s clear that once attackers succeed in a large-scale breach, it becomes progressively easier for them to leverage the compromised data and tokens to achieve additional attacks.

   “The message for defenders is that patching the initially ‘broken’ door isn’t enough, you must thoroughly inspect every part of your environment to ensure the attackers cannot reuse access from a prior breach to open new doors.”

Denis Calderone CRO & COO, Suzu Labs adds this:

   “We’ve been warning clients about this scenario for years, that the SaaS integration trust chain is almost always longer and more complex than anyone realizes.

   “This is like a Russian nesting doll: Salesloft gets breached, which exposes Gainsight, which compromises 200+ Salesforce customers. You might know you’re using Gainsight, but do you know Gainsight integrates with Salesloft? That visibility gap is where these cascading breaches live.

   “Organizations should focus heavily on OAuth hygiene and conditional access policies. Organizations need to continuously monitor OAuth token usage for abnormalities: unusual data volumes, unexpected geographic access, dormant tokens suddenly going active. When something doesn’t look right, automatically revoke refresh tokens. Don’t wait for vendor disclosure. If a token that’s been quiet for months suddenly pulls gigabytes of data, that’s your signal.

   “And here’s the simple part: if you see a dormant OAuth token that hasn’t been used in 60 or 90 days, just revoke it. This will limit your blast radius with minimal impact on user experience.”

Supply chain attacks are starting to become as bad as ransomware as organizations are falling victim to these attacks left, right center. This reinforces that organizations need to take action to mitigate this threat right now.

Members of the Active Archive Alliance recently shared their predictions for data management as it relates to active archives in 2026. These newly released predictions reveal a major shift: active archives are no longer a “nice-to-have” tier. They are becoming the architectural backbone that enables AI at scale.

Below is a list of the top 13 upcoming trends for your review:

Active archives will play a central role in ensuring high-value datasets remain instantly accessible. Organizations will increasingly adopt a combination of active archives, intelligent tiering, and hybrid cloud architectures to optimize storage utilization at scale. Tiering is necessary to group large datasets and assign them levels of importance and priority. An active archive serves this purpose well, as it allows data to be relegated to a lower tier while still being available rapidly should it be needed by the AI engine. Organizations that fail to modernize their storage strategies will risk higher costs, slower AI deployment, and diminished competitiveness in an increasingly data-driven world. – Eric Polet, Director of Product Marketing, Arcitecta

Tape for long-term storage

Driven by exponential data growth and the need for lower-cost, energy-efficient, long-term storage, tape is poised to become a cornerstone of active archival tiers within hybrid storage architectures. – Marc Steinhilber, CEO, BDT Media Automation GmbH

Active archives will require sophisticated data analytics

The industry hit the storage wall as we predicted last year – rising lead times, media and stock prices tell the story. Active archives require sophisticated data analytics, as archives evolve from data dumps to data sources. Data storage must be accessible, sustainable, and affordable to unleash the full potential of AI. – Martin Kunze, CMO and Co-Founder, Cerabyte

Managing data growth is becoming more than just a challenge with IT teams barely able to keep up with demands for performance storage

In the AI data-driven world of 2026 and beyond, IT teams will be compelled to strategically leverage active archiving. With intelligent data management, an active archive solution allows for automated movement of data, based on user defined policy, moving data from expensive, energy intensive performance storage to eco-friendly, economy storage tiers such as today’s modern automated tape systems. This frees up overwhelmed performance storage tiers while maintaining ease of access to always online active archive content. – Rich Gadomski, Dir. Channel Sales and New Business Development, FUJIFILM North America Corp., Data Storage Solutions

Modern object storage will expand to include long-term tape solutions
The explosion of Generative AI and increased demand for unstructured data retention is exceeding modern IT budget growth. Standardized object storage interfaces are making it easy to move data, but object storage was designed as a single tier utilizing hard disk drives. Tiering will become a standard requirement for active data object storage vendors. Modern object storage solutions will expand support to include tape and other long-term storage mediums as an object storage deep archive target, at a fraction of the cost of cloud archives.  Cloud will continue to be part of the hybrid data protection strategy. The result will be lowered costs for organizations storing Petabytes of data.  – Mark Hill, Business Line Executive Data Retention Infrastructure, IBM

AI as the “archivist’s assistant” for value extraction

The role of the active archive will fundamentally change from a secure ‘holding tank’ to a ‘Data Intelligence Sandbox.’ AI will move beyond just classification and indexing to provide more robust and useful search, automatically identifying and connecting data—such as linking a decades-old research document to a currently active patent—transforming long-tail archived data into a persistent, accessible “corporate memory” that drives net-new R&D and revenue either for that organization or by monetizing the data to offer other organizations. – Paul Luppino, Director, Global Digital Solutions, Iron Mountain

The evolution of cold storage

Cold storage solutions will evolve to provide near-instant access (within seconds) to archived data, making it truly “active” rather than dormant. – Pete Paisley, Owner, MagStor

The rise of geo-distributed active archives based on S3-to-tape technology
By 2026, the deployment of geo-distributed active archives leveraging modern tape libraries is expected to accelerate across enterprises and data center environments. This development is driven by sustained data growth, rising energy and storage costs, and growing demands for data resilience and regulatory compliance.

Advancements in tape system integration, such as S3 object storage compatibility, metadata-driven access, and seamless connection to cloud workflows, are transforming S3-to-Tape systems into geo-aware active archives. These systems enable cost-efficient, sustainable, and cyber-resilient data preservation across multiple geographic locations.

Consequently, S3-to-Tape solutions will play a pivotal role in shaping long-term, distributed data management architectures. – Thomas Thalmann, CEO, PoINT Software & Systems GmbH

Companies that adopt active data archive solutions will be driven not just by cost savings but by compounding pressures such as:

• Exponential growth in attack surfaces, vectors and points of entry
• Required recovery of minimum business operations without ransomware payment
• Regulatory enforcement that punishes non-compliance heavily
• Rising cost of infrastructure and energy
• Corporate sustainability mandates
• Increasing volumes of AI-derived data with long-term retention requirements

These forces will make active archives strategically essential. As the most modern and efficient long-term data storage architecture designed for AI-era complexities, active archives enable early adopters to gain competitive advantages through lower compliance risk, reduced long-term costs, faster audit response, and lessened environmental impact. – Rick Bump, Chief Executive Officer and Co-Founder, SAVARTUS

AI meets its infrastructure reckoning

The race to scale artificial intelligence will collide head-on with the physical limits of power, space, and sustainability. The world’s data centers—already consuming nearly 5% of global electricity—will face unprecedented pressure as exabyte-scale datasets multiply and GPU-driven workloads demand 24/7 throughput. The winners in this next phase won’t be those who build the biggest models, but those who build the smartest infrastructure. Expect a paradigm shift that incorporates the concept of active archives—energy-aware, cyber-resilient tiers where cold data moves from cloud and disk to modern tape systems that consume virtually no power at rest yet remain immediately accessible. This balance of intelligence and efficiency will define digital progress in 2026 and beyond: AI innovation sustained not by endless compute, but by thoughtful, scalable data preservation that keeps the lights on—literally. – Ted Oade, Director of Product Marketing, Spectra Logic

Cloud-based, active archives will no longer be thought of as secondary storage, they become an extension of primary storage. We expect demands for instant access to archived content to only increase  – perhaps double or triple over the next few years – as adoption of AI, analytics, threat hunting, media workflows, and compliance accelerate. Data has gravity and cloud-based archives are a way to balance storage costs with demand for accessibility and we expect demand for more active “always available” storage to grow unabated. – George Hamilton, Director of Product Marketing, Wasabi

AI infrastructure will demand smarter access to all data

As AI workloads grow in complexity and scale, the way data centers manage and access storage is undergoing a fundamental shift. Traditional architectures are struggling to keep up with the demands of real-time analytics, model training, and inference. What’s emerging is a need for infrastructure that’s not only high-performance, but also flexible enough to span edge, core, and cloud environments. To support the full AI lifecycle, systems must deliver consistent performance while also enabling intelligent access to archival data, ensuring that even historical information can be leveraged efficiently and meaningfully.  – Scott Hamilton, Senior Director, Product Management, Marketing & CX, Western Digital

Hybrid deployments for large active archives

The use of hybrid configurations that combine on-premises storage and cloud will continue to grow. This is especially the case for large active media archives where on-premises storage provides high performance and cost-effectiveness and, when combined with cloud object storage, the solution provides a high level of data protection. – Phil Storey, CEO, XenData