WASHINGTON, Nov 20 (Reuters) -
Salesforce said Thursday it is investigating "unusual
activity" involving Gainsight-published applications that may
have exposed customer data.
In a brief statement published to its status portal,
Salesforce said the Gainsight-published applications, which are
installed and managed by customers, "may have enabled
unauthorized access to certain customers' Salesforce data."
Salesforce said in its message that it had temporarily
"revoked all active access" to Gainsight's applications. In an
email, the company noted that, "There is no indication that this
issue resulted from any vulnerability in the Salesforce
platform."
Gainsight said on its website that "we continue to work
closely with Salesforce as they investigate the unusual activity
that led to the revocation of access tokens for
Gainsight-published applications." Gainsight didn't immediately
return an email for further comment.
Although Reuters could not establish the scope or nature of
the incident, hackers have repeatedly exploited the integrations
between software-as-a-service companies like Salesforce and
Gainsight to steal data.
Last month, Alphabet's Google said that the exploitation of
a weakness at Oracle's E-Business Suite of applications had
likely impacted more than 100 companies. In June, Google said
hackers had tricked employees of Salesforce clients into
installing a modified version of Salesforce's Data Loader, a
proprietary tool used to bulk import files, and compromising
their data.
Jaime Vasco, the cofounder of Nudge Security, said it was
part of an emerging paradigm.
"Attackers don't need to breach the core platform when they
can compromise an integration with privileged access," he said
in a post on LinkedIn. Speaking to Reuters, he said: "This is
the new attack surface."