Update
Salesforce has approved the managed packages for Customer community (CC), Skilljar, Northpass, and PX. Customers can now begin reconnecting these products to Salesforce. Additional guidance will be shared as reconnections progress.
Update
The Zendesk Connector 2.0 is now available for authorization and use with Gainsight CS. Zendesk Connector 1.0 is deprecated, and the Zendesk Widget is not yet enabled—see Community for details.
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
The new Staircase Salesforce Connector is now available and recommended for all new connections. Existing connections will continue to work for now; see the Community post for details and documentation.
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-faqs-29809
Update
CS SSO Managed Package Is Now Available on Salesforce AppExchange. Details updated in FAQ. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-faqs-29809
Update
To improve stability following Gong.io re-enablement, call syncs are temporarily running twice daily (12:00 AM and 12:00 PM UTC). See the Community FAQ for details:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-faqs-29809
Update
Gong.io connector with Gainsight has been approved for use. Here are instructions in FAQ on how to re-enable your Gong.io connector.
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-faqs-29809
Update
Resolved: The Salesforce Connector access issue identified earlier today has been fully addressed. Connectivity has been restored and no further action is needed.
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
Hubspot connector with Gainsight has been approved for use. Here are the instructions in FAQ on how to re-enable your Hubspot connector.
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
CS Slack apps have been re-enabled and re-listed!
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
We’ve published Community updates on Gainsight’s Salesforce Managed Packages, the status of HubSpot, Gong.io, and Zendesk integrations, and Slack app progress. The Staircase Slack app is now re-enabled, with other CS Slack apps coming soon.
Please review the Community link for the latest information.
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Please review the Community link for the latest information.
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Monitoring
The new managed package that powers the data integration between Gainsight CS and Salesforce has successfully completed the AppExchange security review and has been published (may take a bit to show up in search due to indexing).
You can continue using the installation links included in our community post under the December 11th update "How can I get the Gainsight-Salesforce connection working now?" until they show up in search. In addition, you won't see the warning message highlighted in the post anymore.
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
You can continue using the installation links included in our community post under the December 11th update "How can I get the Gainsight-Salesforce connection working now?" until they show up in search. In addition, you won't see the warning message highlighted in the post anymore.
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
Salesforce connectivity for Gainsight CS has been approved and restoration is underway. Core Salesforce-dependent workflows are now available after reauthorization, with additional features being brought back online progressively. See the https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809 for details and next steps.
Update
Please see FAQs for updated instructions on how to get the Gainsight-Saleforce connection working.
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
Great news — Salesforce has approved the Gainsight Managed Package with UI. This means you can once again access the Gainsight UI directly inside Salesforce, just as you could before.
Salesforce has also approved the Gainsight Connected Apps that power data exchange between Gainsight and Salesforce. With this approval in place, customers can begin bringing their Salesforce-connected workflows back online.
To resume data flow, the Gainsight Connected App needs to be reauthorized.
We’re excited to be moving into this restoration phase and will continue to share updates and guidance as more functionality comes back online. A follow-up with more details will be coming later today.
Salesforce has also approved the Gainsight Connected Apps that power data exchange between Gainsight and Salesforce. With this approval in place, customers can begin bringing their Salesforce-connected workflows back online.
To resume data flow, the Gainsight Connected App needs to be reauthorized.
We’re excited to be moving into this restoration phase and will continue to share updates and guidance as more functionality comes back online. A follow-up with more details will be coming later today.
Update
We’ve added resources to help Gainsight admins get ready for reconnecting with Salesforce once restoration begins. Visit our Community post for details and Office Hours registration.
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
Please see an important status update from our CEO Chuck Ganapathi regarding the completion of security investigations:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
We wanted to share an important update: both Mandiant and CrowdStrike have completed their independent investigations. We’ve already shared this investigation summary with Salesforce and are now reviewing the findings together. Once those conversations are complete, we’ll publish the investigation summary on our Trust site, so you have full visibility as well.
In parallel, we are proactively working with our partners at Zendesk, HubSpot, and Gong.io to keep them fully updated so we can get those integrations re-enabled as quickly and safely as possible.
Thank you for your patience and partnership as we work through this final step.
For additional clarifying info see https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
In parallel, we are proactively working with our partners at Zendesk, HubSpot, and Gong.io to keep them fully updated so we can get those integrations re-enabled as quickly and safely as possible.
Thank you for your patience and partnership as we work through this final step.
For additional clarifying info see https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
We have updated FAQ to add in key questions asked in this week’s office hours. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
As part of the remediation effort, we completed the task of deactivating S3 connections for customers whose S3 access keys have not been rotated since before January 2025.
Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
On December 4th, between 6:00 AM - 9:00 AM PT, we will deactivate S3 connections for customers whose S3 access keys have not been rotated since before January 2025 as part of the remediation effort.
Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
A new update regarding IOCs and Office Hours can be found in the FAQs.
FAQs: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
FAQs: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
All customers using Google SSO OAuth, are strongly advised to complete the steps in the FAQ item item “My Google SSO login into Gainsight is failing. What can I do?”— even if access to Gainsight is still functioning—to move to SAML based authentication.
In addition, updated guidance is available for re-authenticating the GS Assist Gmail plugin and Gmail calendar integration, if you are running into issues with these features.
FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
In addition, updated guidance is available for re-authenticating the GS Assist Gmail plugin and Gmail calendar integration, if you are running into issues with these features.
FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
Google SSO logins (Gsuite) are currently failing for small subset of customers who use Google OAuth to sign into Gainsight. To ensure uninterrupted access, we would like to propose an alternative approach using SAML authentication. We support SAML setup with any Identity Provider, including Azure, OneLogin and Google. Our team will be happy to guide you through this configuration. Please see the question “My Google SSO login into Gainsight is failing. What can I do?” in our FAQ for more info - https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Customers are advised to promptly rotate all S3 and connector credentials (including BigQuery, Zuora, Snowflake, etc.) used with Gainsight as part of standard security best practices. We have included a PDF with details in our FAQs Community Post. The attachment can be found at the bottom of the post.
Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Customers are advised to promptly rotate all S3 and connector credentials (including BigQuery, Zuora, Snowflake, etc.) used with Gainsight as part of standard security best practices. We have included a PDF with details in our FAQs Community Post. The attachment can be found at the bottom of the post.
Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Update
Salesforce - Gainsight Connected App Incident FAQ Update (November 24). https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Thank you for your continued patience while we work to resolve this incident.
Forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Thank you for your continued patience while we work to resolve this incident.
Update
Salesforce - Gainsight Connected App Incident FAQ Update (November 23) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Update
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 which will be updated every 24 hours with any new information.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 which will be updated every 24 hours with any new information.
Update
Salesforce - Gainsight Connected App Incident FAQ Update (November 22) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Update
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
Update
Salesforce - Gainsight Connected App Incident FAQ (November 21st Update) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Update
We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Update
Salesforce has published an updated Security Advisory on unusual activity related to Gainsight-published applications.
https://help.salesforce.com/s/articleView?id=005229029&type=1
We continue to work closely with Salesforce as part of the ongoing investigation. Gainsight-published applications remain disconnected from Salesforce at this time.
We will provide further updates as additional information becomes available.
https://help.salesforce.com/s/articleView?id=005229029&type=1
We continue to work closely with Salesforce as part of the ongoing investigation. Gainsight-published applications remain disconnected from Salesforce at this time.
We will provide further updates as additional information becomes available.
Update
We continue to work closely with Salesforce on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce.
In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.
Update
We want to provide more information on the issue we shared earlier today. We have engaged Mandiant, a leader in cybersecurity, to assist us in our comprehensive, independent forensic investigation.
Our current findings indicate that the activity under investigation originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform. Salesforce has independently notified known affected customers and continues to investigate.
As noted in the FAQ, (https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809) Gainsight can provide the IP ranges and subnets that Salesforce login events from the Gainsight Connector should originate from. At this time, these details can only be shared through a support ticket. If you need this information, please open a ticket with our Support team.
We are committed to keeping you informed, and we appreciate your patience and partnership
Our current findings indicate that the activity under investigation originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform. Salesforce has independently notified known affected customers and continues to investigate.
As noted in the FAQ, (https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809) Gainsight can provide the IP ranges and subnets that Salesforce login events from the Gainsight Connector should originate from. At this time, these details can only be shared through a support ticket. If you need this information, please open a ticket with our Support team.
We are committed to keeping you informed, and we appreciate your patience and partnership
Update
We continue to work on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. Additionally Zendesk connector access has been revoked as a precaution.
Please refer to our detailed Salesforce - Gainsight Connected App Incident FAQ (November 20th Afternoon Update): https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
Please refer to our detailed Salesforce - Gainsight Connected App Incident FAQ (November 20th Afternoon Update): https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809
Update
Investigation is ongoing and we will share updates as more information becomes available.
We appreciate your patience and understanding.
We appreciate your patience and understanding.
Update
Access to Gainsight via Salesforce remains unavailable at this time.
We continue to work closely with Salesforce to investigate and resolve the connection issue impacting Gainsight-published applications on the Salesforce platform. Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues.
Our security and engineering teams are collaborating with Salesforce to analyze the technical details, validate configurations, and determine safe restoration steps. We are continuing to consolidate information internally and externally and will provide a detailed update within the next 1 hour.
We continue to work closely with Salesforce to investigate and resolve the connection issue impacting Gainsight-published applications on the Salesforce platform. Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues.
Our security and engineering teams are collaborating with Salesforce to analyze the technical details, validate configurations, and determine safe restoration steps. We are continuing to consolidate information internally and externally and will provide a detailed update within the next 1 hour.
Update
Customers using Hubspot might find that the Gainsight app has been temporarily pulled from the Hubspot Marketplace as a precautionary measure. This may also impact Oauth access for customer connections while the review is taking place.
We will work with Hubspot on re-listing after thorough review.
No suspicious activity related to Hubspot has been observed at this point. These are precautionary steps only.
Thank you for your patience, we will share additional updates as more information becomes available.
We will work with Hubspot on re-listing after thorough review.
No suspicious activity related to Hubspot has been observed at this point. These are precautionary steps only.
Thank you for your patience, we will share additional updates as more information becomes available.
Update
We continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications.
Our internal investigation is ongoing, We will share additional updates as more information becomes available.
Our internal investigation is ongoing, We will share additional updates as more information becomes available.
Update
We continue to investigate the Salesforce connection issue identified earlier today. Further updates will be provided as soon as more information is available.
Update
We are continuing to work on a fix for this issue.
Update
We are continuing to work on a fix for this issue.
Update
We are actively investigating the issue and continuing to monitor the situation closely. We will share further updates as soon as more information becomes available.
Identified
We have identified connection failures resulting from Salesforce revoking active access for Gainsight SFDC Connector. https://status.salesforce.com/generalmessages/20000233
This is currently causing disruptions to Gainsight functionalities that rely on synchronous or real-time API interactions with Salesforce.
We are investigating further and will update as we have more details.
This is currently causing disruptions to Gainsight functionalities that rely on synchronous or real-time API interactions with Salesforce.
We are investigating further and will update as we have more details.
Investigating
We are investigating reports of Salesforce Connection failures.
We will update soon as we have more details.
We will update soon as we have more details.
This incident affects: Gainsight CS - US1 Region (Gainsight CS US1 Application, US1 Gainsight Salesforce Connector), Gainsight CS - US2 Region (Gainsight CS US2 Application, US2 Gainsight Salesforce Connector), and Gainsight CS - EU Region (Gainsight CS EU Application, EU Gainsight Salesforce Connector).