Update
We have updated FAQ to add in key questions asked in this week’s office hours. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
As part of the remediation effort, we completed the task of deactivating S3 connections for customers whose S3 access keys have not been rotated since before January 2025.
Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
On December 4th, between 6:00 AM - 9:00 AM PT, we will deactivate S3 connections for customers whose S3 access keys have not been rotated since before January 2025 as part of the remediation effort.
Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
A new update regarding IOCs and Office Hours can be found in the FAQs.
FAQs: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
FAQs: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
All customers using Google SSO OAuth, are strongly advised to complete the steps in the FAQ item item “My Google SSO login into Gainsight is failing. What can I do?”— even if access to Gainsight is still functioning—to move to SAML based authentication.
In addition, updated guidance is available for re-authenticating the GS Assist Gmail plugin and Gmail calendar integration, if you are running into issues with these features.
FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
In addition, updated guidance is available for re-authenticating the GS Assist Gmail plugin and Gmail calendar integration, if you are running into issues with these features.
FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
Google SSO logins (Gsuite) are currently failing for small subset of customers who use Google OAuth to sign into Gainsight. To ensure uninterrupted access, we would like to propose an alternative approach using SAML authentication. We support SAML setup with any Identity Provider, including Azure, OneLogin and Google. Our team will be happy to guide you through this configuration. Please see the question “My Google SSO login into Gainsight is failing. What can I do?” in our FAQ for more info - https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Customers are advised to promptly rotate all S3 and connector credentials (including BigQuery, Zuora, Snowflake, etc.) used with Gainsight as part of standard security best practices. We have included a PDF with details in our FAQs Community Post. The attachment can be found at the bottom of the post.
Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Customers are advised to promptly rotate all S3 and connector credentials (including BigQuery, Zuora, Snowflake, etc.) used with Gainsight as part of standard security best practices. We have included a PDF with details in our FAQs Community Post. The attachment can be found at the bottom of the post.
Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
Salesforce - Gainsight Connected App Incident FAQ Update (November 24). https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Thank you for your continued patience while we work to resolve this incident.
Forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Thank you for your continued patience while we work to resolve this incident.
Update
Salesforce - Gainsight Connected App Incident FAQ Update (November 23) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Update
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 which will be updated every 24 hours with any new information.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 which will be updated every 24 hours with any new information.
Update
Salesforce - Gainsight Connected App Incident FAQ Update (November 22) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Update
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
Update
Salesforce - Gainsight Connected App Incident FAQ (November 21st Update) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Update
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Update
Salesforce has published an updated Security Advisory on unusual activity related to Gainsight-published applications.
https://help.salesforce.com/s/articleView?id=005229029&type=1
We continue to work closely with Salesforce as part of the ongoing investigation. Gainsight-published applications remain disconnected from Salesforce at this time.
We will provide further updates as additional information becomes available.
https://help.salesforce.com/s/articleView?id=005229029&type=1
We continue to work closely with Salesforce as part of the ongoing investigation. Gainsight-published applications remain disconnected from Salesforce at this time.
We will provide further updates as additional information becomes available.
Update
We continue to work closely with Salesforce on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce.
In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Update
We want to provide more information on the issue we shared earlier today. We have engaged Mandiant, a leader in cybersecurity, to assist us in our comprehensive, independent forensic investigation.
Our current findings indicate that the activity under investigation originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform. Salesforce has independently notified known affected customers and continues to investigate.
As noted in the FAQ, (https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809) Gainsight can provide the IP ranges and subnets that Salesforce login events from the Gainsight Connector should originate from. At this time, these details can only be shared through a support ticket. If you need this information, please open a ticket with our Support team.
We are committed to keeping you informed, and we appreciate your patience and partnership
Our current findings indicate that the activity under investigation originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform. Salesforce has independently notified known affected customers and continues to investigate.
As noted in the FAQ, (https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809) Gainsight can provide the IP ranges and subnets that Salesforce login events from the Gainsight Connector should originate from. At this time, these details can only be shared through a support ticket. If you need this information, please open a ticket with our Support team.
We are committed to keeping you informed, and we appreciate your patience and partnership
Update
We continue to work on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. Additionally Zendesk connector access has been revoked as a precaution.
Please refer to our detailed Salesforce - Gainsight Connected App Incident FAQ (November 20th Afternoon Update): https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
Please refer to our detailed Salesforce - Gainsight Connected App Incident FAQ (November 20th Afternoon Update): https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
Update
Investigation is ongoing and we will share updates as more information becomes available.
We appreciate your patience and understanding.
We appreciate your patience and understanding.
Update
Access to Gainsight via Salesforce remains unavailable at this time.
We continue to work closely with Salesforce to investigate and resolve the connection issue impacting Gainsight-published applications on the Salesforce platform. Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues.
Our security and engineering teams are collaborating with Salesforce to analyze the technical details, validate configurations, and determine safe restoration steps. We are continuing to consolidate information internally and externally and will provide a detailed update within the next 1 hour.
We continue to work closely with Salesforce to investigate and resolve the connection issue impacting Gainsight-published applications on the Salesforce platform. Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues.
Our security and engineering teams are collaborating with Salesforce to analyze the technical details, validate configurations, and determine safe restoration steps. We are continuing to consolidate information internally and externally and will provide a detailed update within the next 1 hour.
Update
Customers using Hubspot might find that the Gainsight app has been temporarily pulled from the Hubspot Marketplace as a precautionary measure. This may also impact Oauth access for customer connections while the review is taking place.
We will work with Hubspot on re-listing after thorough review.
No suspicious activity related to Hubspot has been observed at this point. These are precautionary steps only.
Thank you for your patience, we will share additional updates as more information becomes available.
We will work with Hubspot on re-listing after thorough review.
No suspicious activity related to Hubspot has been observed at this point. These are precautionary steps only.
Thank you for your patience, we will share additional updates as more information becomes available.
Update
We continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications.
Our internal investigation is ongoing, We will share additional updates as more information becomes available.
Our internal investigation is ongoing, We will share additional updates as more information becomes available.
Update
We continue to investigate the Salesforce connection issue identified earlier today. Further updates will be provided as soon as more information is available.
Update
We are continuing to work on a fix for this issue.
Update
We are continuing to work on a fix for this issue.
Update
We are actively investigating the issue and continuing to monitor the situation closely. We will share further updates as soon as more information becomes available.
Identified
We have identified connection failures resulting from Salesforce revoking active access for Gainsight SFDC Connector. https://status.salesforce.com/generalmessages/20000233
This is currently causing disruptions to Gainsight functionalities that rely on synchronous or real-time API interactions with Salesforce.
We are investigating further and will update as we have more details.
This is currently causing disruptions to Gainsight functionalities that rely on synchronous or real-time API interactions with Salesforce.
We are investigating further and will update as we have more details.
Investigating
We are investigating reports of Salesforce Connection failures.
We will update soon as we have more details.
We will update soon as we have more details.
This incident affects: Gainsight CS - US1 Region (Gainsight CS US1 Application, US1 Gainsight Salesforce Connector), Gainsight CS - US2 Region (Gainsight CS US2 Application, US2 Gainsight Salesforce Connector), and Gainsight CS - EU Region (Gainsight CS EU Application, EU Gainsight Salesforce Connector).