The Founders @ We're Trustable - AI, BPO, CX, and Trust

Déjà Vu in the Cloud: The Drift → Gainsight → Salesforce Breach Is the Canary in the Identity Coal Mine

OAuth token theft is exposing a broken SaaS trust architecture. Over-scoped, untracked integrations let attackers move laterally at scale. This is trust debt coming due.

Rachel Maron
Nov 25, 2025

There’s a particular kind of déjà vu that appears when you watch the same failure repeat, not because people didn’t know better, but because the system itself was built to fail this way. That’s where we are with the news that Salesforce customers have been breached again, this time through Gainsight, a customer success platform that, like Drift before it, enjoys a deep and poorly governed integration into the Salesforce ecosystem.

If you haven’t been following the pattern, here it is in clean, brutal lines:

No one hacked Salesforce.
They hacked the trust relationships we built around Salesforce.
And those relationships are the real attack surface now.

This is not an “app breach story.” This is a story of trust collapse in enterprise SaaS architecture. And it’s only going to get worse, not because the technology is fundamentally broken, but because we’re treating trust as an automatic byproduct of vendor selection instead of something we deliberately manufacture and maintain.

I. The Attack T…

© 2026 Rachel Maron