Gainsight Status

Identified: We have updated FAQ to add in key questions asked in this week’s office hours. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: As part of the remediation effort, we completed the task of deactivating S3 connections for customers whose S3 access keys have not been rotated since before January 2025.

Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: On December 4th, between 6:00 AM - 9:00 AM PT, we will deactivate S3 connections for customers whose S3 access keys have not been rotated since before January 2025 as part of the remediation effort.

Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: A new update regarding IOCs and Office Hours can be found in the FAQs. FAQs: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: All customers using Google SSO OAuth, are strongly advised to complete the steps in the FAQ item item “My Google SSO login into Gainsight is failing. What can I do?”— even if access to Gainsight is still functioning—to move to SAML based authentication.

In addition, updated guidance is available for re-authenticating the GS Assist Gmail plugin and Gmail calendar integration, if you are running into issues with these features.

FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: Google SSO logins (Gsuite) are currently failing for small subset of customers who use Google OAuth to sign into Gainsight. To ensure uninterrupted access, we would like to propose an alternative approach using SAML authentication. We support SAML setup with any Identity Provider, including Azure, OneLogin and Google. Our team will be happy to guide you through this configuration. Please see the question “My Google SSO login into Gainsight is failing. What can I do?” in our FAQ for more info - https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.

We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Customers are advised to promptly rotate all S3 and connector credentials (including BigQuery, Zuora, Snowflake, etc.) used with Gainsight as part of standard security best practices. We have included a PDF with details in our FAQs Community Post. The attachment can be found at the bottom of the post.

Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 24). https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Thank you for your continued patience while we work to resolve this incident.

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 23) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 which will be updated every 24 hours with any new information.

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 22) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

Identified: Salesforce - Gainsight Connected App Incident FAQ (November 21st Update) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: Salesforce has published an updated Security Advisory on unusual activity related to Gainsight-published applications. https://help.salesforce.com/s/articleView?id=005229029&type=1 We continue to work closely with Salesforce as part of the ongoing investigation. Gainsight-published applications remain disconnected from Salesforce at this time. We will provide further updates as additional information becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We want to provide more information on the issue we shared earlier today. We have engaged Mandiant, a leader in cybersecurity, to assist us in our comprehensive, independent forensic investigation.

Our current findings indicate that the activity under investigation originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform. Salesforce has independently notified known affected customers and continues to investigate.

As noted in the FAQ, (https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809) Gainsight can provide the IP ranges and subnets that Salesforce login events from the Gainsight Connector should originate from. At this time, these details can only be shared through a support ticket. If you need this information, please open a ticket with our Support team.

We are committed to keeping you informed, and we appreciate your patience and partnership

Identified: We continue to work on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. Additionally Zendesk connector access has been revoked as a precaution. Please refer to our detailed Salesforce - Gainsight Connected App Incident FAQ (November 20th Afternoon Update): https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

Identified: Investigation is ongoing and we will share updates as more information becomes available. We appreciate your patience and understanding.

Identified: Access to Gainsight via Salesforce remains unavailable at this time. We continue to work closely with Salesforce to investigate and resolve the connection issue impacting Gainsight-published applications on the Salesforce platform. Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues.

Our security and engineering teams are collaborating with Salesforce to analyze the technical details, validate configurations, and determine safe restoration steps. We are continuing to consolidate information internally and externally and will provide a detailed update within the next 1 hour.

Identified: Customers using Hubspot might find that the Gainsight app has been temporarily pulled from the Hubspot Marketplace as a precautionary measure. This may also impact Oauth access for customer connections while the review is taking place. We will work with Hubspot on re-listing after thorough review. No suspicious activity related to Hubspot has been observed at this point. These are precautionary steps only. Thank you for your patience, we will share additional updates as more information becomes available.

Identified: We continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications. Our internal investigation is ongoing, We will share additional updates as more information becomes available.

Identified: We continue to investigate the Salesforce connection issue identified earlier today. Further updates will be provided as soon as more information is available.

Identified: We are continuing to work on a fix for this issue.

Identified: We are continuing to work on a fix for this issue.

Identified: We are actively investigating the issue and continuing to monitor the situation closely. We will share further updates as soon as more information becomes available.

Identified: We have identified connection failures resulting from Salesforce revoking active access for Gainsight SFDC Connector. https://status.salesforce.com/generalmessages/20000233

This is currently causing disruptions to Gainsight functionalities that rely on synchronous or real-time API interactions with Salesforce.

We are investigating further and will update as we have more details.

Investigating: We are investigating reports of Salesforce Connection failures.
We will update soon as we have more details.

Resolved: Please refer to the Ongoing Salesforce Incident for the latest information: https://status.gainsight.com/incidents/gvng0kly8vwf

Investigating: Thank you for your patience as we continue to investigate this issue. Only customers using GSuite for SSO are affected at this time.

Investigating: We are investigating login issues for a subset of customers using GSuite for SSO.

Identified: We have updated FAQ to add in key questions asked in this week’s office hours. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: As part of the remediation effort, we completed the task of deactivating S3 connections for customers whose S3 access keys have not been rotated since before January 2025.

Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: On December 4th, between 6:00 AM - 9:00 AM PT, we will deactivate S3 connections for customers whose S3 access keys have not been rotated since before January 2025 as part of the remediation effort.

Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: A new update regarding IOCs and Office Hours can be found in the FAQs. FAQs: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: All customers using Google SSO OAuth, are strongly advised to complete the steps in the FAQ item item “My Google SSO login into Gainsight is failing. What can I do?”— even if access to Gainsight is still functioning—to move to SAML based authentication.

In addition, updated guidance is available for re-authenticating the GS Assist Gmail plugin and Gmail calendar integration, if you are running into issues with these features.

FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: Google SSO logins (Gsuite) are currently failing for small subset of customers who use Google OAuth to sign into Gainsight. To ensure uninterrupted access, we would like to propose an alternative approach using SAML authentication. We support SAML setup with any Identity Provider, including Azure, OneLogin and Google. Our team will be happy to guide you through this configuration. Please see the question “My Google SSO login into Gainsight is failing. What can I do?” in our FAQ for more info - https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.

We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Customers are advised to promptly rotate all S3 and connector credentials (including BigQuery, Zuora, Snowflake, etc.) used with Gainsight as part of standard security best practices. We have included a PDF with details in our FAQs Community Post. The attachment can be found at the bottom of the post.

Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 24). https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Thank you for your continued patience while we work to resolve this incident.

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 23) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 which will be updated every 24 hours with any new information.

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 22) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

Identified: Salesforce - Gainsight Connected App Incident FAQ (November 21st Update) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: Salesforce has published an updated Security Advisory on unusual activity related to Gainsight-published applications. https://help.salesforce.com/s/articleView?id=005229029&type=1 We continue to work closely with Salesforce as part of the ongoing investigation. Gainsight-published applications remain disconnected from Salesforce at this time. We will provide further updates as additional information becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We want to provide more information on the issue we shared earlier today. We have engaged Mandiant, a leader in cybersecurity, to assist us in our comprehensive, independent forensic investigation.

Our current findings indicate that the activity under investigation originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform. Salesforce has independently notified known affected customers and continues to investigate.

As noted in the FAQ, (https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809) Gainsight can provide the IP ranges and subnets that Salesforce login events from the Gainsight Connector should originate from. At this time, these details can only be shared through a support ticket. If you need this information, please open a ticket with our Support team.

We are committed to keeping you informed, and we appreciate your patience and partnership

Identified: We continue to work on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. Additionally Zendesk connector access has been revoked as a precaution. Please refer to our detailed Salesforce - Gainsight Connected App Incident FAQ (November 20th Afternoon Update): https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

Identified: Investigation is ongoing and we will share updates as more information becomes available. We appreciate your patience and understanding.

Identified: Access to Gainsight via Salesforce remains unavailable at this time. We continue to work closely with Salesforce to investigate and resolve the connection issue impacting Gainsight-published applications on the Salesforce platform. Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues.

Our security and engineering teams are collaborating with Salesforce to analyze the technical details, validate configurations, and determine safe restoration steps. We are continuing to consolidate information internally and externally and will provide a detailed update within the next 1 hour.

Identified: Customers using Hubspot might find that the Gainsight app has been temporarily pulled from the Hubspot Marketplace as a precautionary measure. This may also impact Oauth access for customer connections while the review is taking place. We will work with Hubspot on re-listing after thorough review. No suspicious activity related to Hubspot has been observed at this point. These are precautionary steps only. Thank you for your patience, we will share additional updates as more information becomes available.

Identified: We continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications. Our internal investigation is ongoing, We will share additional updates as more information becomes available.

Identified: We continue to investigate the Salesforce connection issue identified earlier today. Further updates will be provided as soon as more information is available.

Identified: We are continuing to work on a fix for this issue.

Identified: We are continuing to work on a fix for this issue.

Identified: We are actively investigating the issue and continuing to monitor the situation closely. We will share further updates as soon as more information becomes available.

Identified: We have identified connection failures resulting from Salesforce revoking active access for Gainsight SFDC Connector. https://status.salesforce.com/generalmessages/20000233

This is currently causing disruptions to Gainsight functionalities that rely on synchronous or real-time API interactions with Salesforce.

We are investigating further and will update as we have more details.

Investigating: We are investigating reports of Salesforce Connection failures.
We will update soon as we have more details.

Identified: We have updated FAQ to add in key questions asked in this week’s office hours. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: As part of the remediation effort, we completed the task of deactivating S3 connections for customers whose S3 access keys have not been rotated since before January 2025.

Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: On December 4th, between 6:00 AM - 9:00 AM PT, we will deactivate S3 connections for customers whose S3 access keys have not been rotated since before January 2025 as part of the remediation effort.

Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: A new update regarding IOCs and Office Hours can be found in the FAQs. FAQs: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: All customers using Google SSO OAuth, are strongly advised to complete the steps in the FAQ item item “My Google SSO login into Gainsight is failing. What can I do?”— even if access to Gainsight is still functioning—to move to SAML based authentication.

In addition, updated guidance is available for re-authenticating the GS Assist Gmail plugin and Gmail calendar integration, if you are running into issues with these features.

FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: Google SSO logins (Gsuite) are currently failing for small subset of customers who use Google OAuth to sign into Gainsight. To ensure uninterrupted access, we would like to propose an alternative approach using SAML authentication. We support SAML setup with any Identity Provider, including Azure, OneLogin and Google. Our team will be happy to guide you through this configuration. Please see the question “My Google SSO login into Gainsight is failing. What can I do?” in our FAQ for more info - https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.

We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Customers are advised to promptly rotate all S3 and connector credentials (including BigQuery, Zuora, Snowflake, etc.) used with Gainsight as part of standard security best practices. We have included a PDF with details in our FAQs Community Post. The attachment can be found at the bottom of the post.

Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 24). https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Thank you for your continued patience while we work to resolve this incident.

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 23) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 which will be updated every 24 hours with any new information.

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 22) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

Identified: Salesforce - Gainsight Connected App Incident FAQ (November 21st Update) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: Salesforce has published an updated Security Advisory on unusual activity related to Gainsight-published applications. https://help.salesforce.com/s/articleView?id=005229029&type=1 We continue to work closely with Salesforce as part of the ongoing investigation. Gainsight-published applications remain disconnected from Salesforce at this time. We will provide further updates as additional information becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We want to provide more information on the issue we shared earlier today. We have engaged Mandiant, a leader in cybersecurity, to assist us in our comprehensive, independent forensic investigation.

Our current findings indicate that the activity under investigation originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform. Salesforce has independently notified known affected customers and continues to investigate.

As noted in the FAQ, (https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809) Gainsight can provide the IP ranges and subnets that Salesforce login events from the Gainsight Connector should originate from. At this time, these details can only be shared through a support ticket. If you need this information, please open a ticket with our Support team.

We are committed to keeping you informed, and we appreciate your patience and partnership

Identified: We continue to work on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. Additionally Zendesk connector access has been revoked as a precaution. Please refer to our detailed Salesforce - Gainsight Connected App Incident FAQ (November 20th Afternoon Update): https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

Identified: Investigation is ongoing and we will share updates as more information becomes available. We appreciate your patience and understanding.

Identified: Access to Gainsight via Salesforce remains unavailable at this time. We continue to work closely with Salesforce to investigate and resolve the connection issue impacting Gainsight-published applications on the Salesforce platform. Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues.

Our security and engineering teams are collaborating with Salesforce to analyze the technical details, validate configurations, and determine safe restoration steps. We are continuing to consolidate information internally and externally and will provide a detailed update within the next 1 hour.

Identified: Customers using Hubspot might find that the Gainsight app has been temporarily pulled from the Hubspot Marketplace as a precautionary measure. This may also impact Oauth access for customer connections while the review is taking place. We will work with Hubspot on re-listing after thorough review. No suspicious activity related to Hubspot has been observed at this point. These are precautionary steps only. Thank you for your patience, we will share additional updates as more information becomes available.

Identified: We continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications. Our internal investigation is ongoing, We will share additional updates as more information becomes available.

Identified: We continue to investigate the Salesforce connection issue identified earlier today. Further updates will be provided as soon as more information is available.

Identified: We are continuing to work on a fix for this issue.

Identified: We are continuing to work on a fix for this issue.

Identified: We are actively investigating the issue and continuing to monitor the situation closely. We will share further updates as soon as more information becomes available.

Identified: We have identified connection failures resulting from Salesforce revoking active access for Gainsight SFDC Connector. https://status.salesforce.com/generalmessages/20000233

This is currently causing disruptions to Gainsight functionalities that rely on synchronous or real-time API interactions with Salesforce.

We are investigating further and will update as we have more details.

Investigating: We are investigating reports of Salesforce Connection failures.
We will update soon as we have more details.

Resolved: Please refer to the Ongoing Salesforce Incident for the latest information: https://status.gainsight.com/incidents/gvng0kly8vwf

Investigating: Thank you for your patience as we continue to investigate this issue. Only customers using GSuite for SSO are affected at this time.

Investigating: We are investigating login issues for a subset of customers using GSuite for SSO.

Identified: We have updated FAQ to add in key questions asked in this week’s office hours. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: As part of the remediation effort, we completed the task of deactivating S3 connections for customers whose S3 access keys have not been rotated since before January 2025.

Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: On December 4th, between 6:00 AM - 9:00 AM PT, we will deactivate S3 connections for customers whose S3 access keys have not been rotated since before January 2025 as part of the remediation effort.

Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: A new update regarding IOCs and Office Hours can be found in the FAQs. FAQs: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: All customers using Google SSO OAuth, are strongly advised to complete the steps in the FAQ item item “My Google SSO login into Gainsight is failing. What can I do?”— even if access to Gainsight is still functioning—to move to SAML based authentication.

In addition, updated guidance is available for re-authenticating the GS Assist Gmail plugin and Gmail calendar integration, if you are running into issues with these features.

FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: Google SSO logins (Gsuite) are currently failing for small subset of customers who use Google OAuth to sign into Gainsight. To ensure uninterrupted access, we would like to propose an alternative approach using SAML authentication. We support SAML setup with any Identity Provider, including Azure, OneLogin and Google. Our team will be happy to guide you through this configuration. Please see the question “My Google SSO login into Gainsight is failing. What can I do?” in our FAQ for more info - https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.

We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Customers are advised to promptly rotate all S3 and connector credentials (including BigQuery, Zuora, Snowflake, etc.) used with Gainsight as part of standard security best practices. We have included a PDF with details in our FAQs Community Post. The attachment can be found at the bottom of the post.

Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 24). https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Thank you for your continued patience while we work to resolve this incident.

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 23) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 which will be updated every 24 hours with any new information.

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 22) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

Identified: Salesforce - Gainsight Connected App Incident FAQ (November 21st Update) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: Salesforce has published an updated Security Advisory on unusual activity related to Gainsight-published applications. https://help.salesforce.com/s/articleView?id=005229029&type=1 We continue to work closely with Salesforce as part of the ongoing investigation. Gainsight-published applications remain disconnected from Salesforce at this time. We will provide further updates as additional information becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We want to provide more information on the issue we shared earlier today. We have engaged Mandiant, a leader in cybersecurity, to assist us in our comprehensive, independent forensic investigation.

Our current findings indicate that the activity under investigation originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform. Salesforce has independently notified known affected customers and continues to investigate.

As noted in the FAQ, (https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809) Gainsight can provide the IP ranges and subnets that Salesforce login events from the Gainsight Connector should originate from. At this time, these details can only be shared through a support ticket. If you need this information, please open a ticket with our Support team.

We are committed to keeping you informed, and we appreciate your patience and partnership

Identified: We continue to work on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. Additionally Zendesk connector access has been revoked as a precaution. Please refer to our detailed Salesforce - Gainsight Connected App Incident FAQ (November 20th Afternoon Update): https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

Identified: Investigation is ongoing and we will share updates as more information becomes available. We appreciate your patience and understanding.

Identified: Access to Gainsight via Salesforce remains unavailable at this time. We continue to work closely with Salesforce to investigate and resolve the connection issue impacting Gainsight-published applications on the Salesforce platform. Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues.

Our security and engineering teams are collaborating with Salesforce to analyze the technical details, validate configurations, and determine safe restoration steps. We are continuing to consolidate information internally and externally and will provide a detailed update within the next 1 hour.

Identified: Customers using Hubspot might find that the Gainsight app has been temporarily pulled from the Hubspot Marketplace as a precautionary measure. This may also impact Oauth access for customer connections while the review is taking place. We will work with Hubspot on re-listing after thorough review. No suspicious activity related to Hubspot has been observed at this point. These are precautionary steps only. Thank you for your patience, we will share additional updates as more information becomes available.

Identified: We continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications. Our internal investigation is ongoing, We will share additional updates as more information becomes available.

Identified: We continue to investigate the Salesforce connection issue identified earlier today. Further updates will be provided as soon as more information is available.

Identified: We are continuing to work on a fix for this issue.

Identified: We are continuing to work on a fix for this issue.

Identified: We are actively investigating the issue and continuing to monitor the situation closely. We will share further updates as soon as more information becomes available.

Identified: We have identified connection failures resulting from Salesforce revoking active access for Gainsight SFDC Connector. https://status.salesforce.com/generalmessages/20000233

This is currently causing disruptions to Gainsight functionalities that rely on synchronous or real-time API interactions with Salesforce.

We are investigating further and will update as we have more details.

Investigating: We are investigating reports of Salesforce Connection failures.
We will update soon as we have more details.

Identified: We have updated FAQ to add in key questions asked in this week’s office hours. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: As part of the remediation effort, we completed the task of deactivating S3 connections for customers whose S3 access keys have not been rotated since before January 2025.

Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: On December 4th, between 6:00 AM - 9:00 AM PT, we will deactivate S3 connections for customers whose S3 access keys have not been rotated since before January 2025 as part of the remediation effort.

Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: A new update regarding IOCs and Office Hours can be found in the FAQs. FAQs: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: All customers using Google SSO OAuth, are strongly advised to complete the steps in the FAQ item item “My Google SSO login into Gainsight is failing. What can I do?”— even if access to Gainsight is still functioning—to move to SAML based authentication.

In addition, updated guidance is available for re-authenticating the GS Assist Gmail plugin and Gmail calendar integration, if you are running into issues with these features.

FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: Google SSO logins (Gsuite) are currently failing for small subset of customers who use Google OAuth to sign into Gainsight. To ensure uninterrupted access, we would like to propose an alternative approach using SAML authentication. We support SAML setup with any Identity Provider, including Azure, OneLogin and Google. Our team will be happy to guide you through this configuration. Please see the question “My Google SSO login into Gainsight is failing. What can I do?” in our FAQ for more info - https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.

We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Customers are advised to promptly rotate all S3 and connector credentials (including BigQuery, Zuora, Snowflake, etc.) used with Gainsight as part of standard security best practices. We have included a PDF with details in our FAQs Community Post. The attachment can be found at the bottom of the post.

Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 24). https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Thank you for your continued patience while we work to resolve this incident.

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 23) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 which will be updated every 24 hours with any new information.

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 22) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

Identified: Salesforce - Gainsight Connected App Incident FAQ (November 21st Update) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: Salesforce has published an updated Security Advisory on unusual activity related to Gainsight-published applications. https://help.salesforce.com/s/articleView?id=005229029&type=1 We continue to work closely with Salesforce as part of the ongoing investigation. Gainsight-published applications remain disconnected from Salesforce at this time. We will provide further updates as additional information becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We want to provide more information on the issue we shared earlier today. We have engaged Mandiant, a leader in cybersecurity, to assist us in our comprehensive, independent forensic investigation.

Our current findings indicate that the activity under investigation originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform. Salesforce has independently notified known affected customers and continues to investigate.

As noted in the FAQ, (https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809) Gainsight can provide the IP ranges and subnets that Salesforce login events from the Gainsight Connector should originate from. At this time, these details can only be shared through a support ticket. If you need this information, please open a ticket with our Support team.

We are committed to keeping you informed, and we appreciate your patience and partnership

Identified: We continue to work on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. Additionally Zendesk connector access has been revoked as a precaution. Please refer to our detailed Salesforce - Gainsight Connected App Incident FAQ (November 20th Afternoon Update): https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

Identified: Investigation is ongoing and we will share updates as more information becomes available. We appreciate your patience and understanding.

Identified: Access to Gainsight via Salesforce remains unavailable at this time. We continue to work closely with Salesforce to investigate and resolve the connection issue impacting Gainsight-published applications on the Salesforce platform. Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues.

Our security and engineering teams are collaborating with Salesforce to analyze the technical details, validate configurations, and determine safe restoration steps. We are continuing to consolidate information internally and externally and will provide a detailed update within the next 1 hour.

Identified: Customers using Hubspot might find that the Gainsight app has been temporarily pulled from the Hubspot Marketplace as a precautionary measure. This may also impact Oauth access for customer connections while the review is taking place. We will work with Hubspot on re-listing after thorough review. No suspicious activity related to Hubspot has been observed at this point. These are precautionary steps only. Thank you for your patience, we will share additional updates as more information becomes available.

Identified: We continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications. Our internal investigation is ongoing, We will share additional updates as more information becomes available.

Identified: We continue to investigate the Salesforce connection issue identified earlier today. Further updates will be provided as soon as more information is available.

Identified: We are continuing to work on a fix for this issue.

Identified: We are continuing to work on a fix for this issue.

Identified: We are actively investigating the issue and continuing to monitor the situation closely. We will share further updates as soon as more information becomes available.

Identified: We have identified connection failures resulting from Salesforce revoking active access for Gainsight SFDC Connector. https://status.salesforce.com/generalmessages/20000233

This is currently causing disruptions to Gainsight functionalities that rely on synchronous or real-time API interactions with Salesforce.

We are investigating further and will update as we have more details.

Investigating: We are investigating reports of Salesforce Connection failures.
We will update soon as we have more details.

Resolved: Please refer to the Ongoing Salesforce Incident for the latest information: https://status.gainsight.com/incidents/gvng0kly8vwf

Investigating: Thank you for your patience as we continue to investigate this issue. Only customers using GSuite for SSO are affected at this time.

Investigating: We are investigating login issues for a subset of customers using GSuite for SSO.

Identified: We have updated FAQ to add in key questions asked in this week’s office hours. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: As part of the remediation effort, we completed the task of deactivating S3 connections for customers whose S3 access keys have not been rotated since before January 2025.

Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: On December 4th, between 6:00 AM - 9:00 AM PT, we will deactivate S3 connections for customers whose S3 access keys have not been rotated since before January 2025 as part of the remediation effort.

Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: A new update regarding IOCs and Office Hours can be found in the FAQs. FAQs: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: All customers using Google SSO OAuth, are strongly advised to complete the steps in the FAQ item item “My Google SSO login into Gainsight is failing. What can I do?”— even if access to Gainsight is still functioning—to move to SAML based authentication.

In addition, updated guidance is available for re-authenticating the GS Assist Gmail plugin and Gmail calendar integration, if you are running into issues with these features.

FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: Google SSO logins (Gsuite) are currently failing for small subset of customers who use Google OAuth to sign into Gainsight. To ensure uninterrupted access, we would like to propose an alternative approach using SAML authentication. We support SAML setup with any Identity Provider, including Azure, OneLogin and Google. Our team will be happy to guide you through this configuration. Please see the question “My Google SSO login into Gainsight is failing. What can I do?” in our FAQ for more info - https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review.

We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Customers are advised to promptly rotate all S3 and connector credentials (including BigQuery, Zuora, Snowflake, etc.) used with Gainsight as part of standard security best practices. We have included a PDF with details in our FAQs Community Post. The attachment can be found at the bottom of the post.

Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 24). https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

Forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Thank you for your continued patience while we work to resolve this incident.

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 23) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 which will be updated every 24 hours with any new information.

Identified: Salesforce - Gainsight Connected App Incident FAQ Update (November 22) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

Identified: Salesforce - Gainsight Connected App Incident FAQ (November 21st Update) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: Salesforce has published an updated Security Advisory on unusual activity related to Gainsight-published applications. https://help.salesforce.com/s/articleView?id=005229029&type=1 We continue to work closely with Salesforce as part of the ongoing investigation. Gainsight-published applications remain disconnected from Salesforce at this time. We will provide further updates as additional information becomes available.

Identified: We continue to work closely with Salesforce on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

Identified: We want to provide more information on the issue we shared earlier today. We have engaged Mandiant, a leader in cybersecurity, to assist us in our comprehensive, independent forensic investigation.

Our current findings indicate that the activity under investigation originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform. Salesforce has independently notified known affected customers and continues to investigate.

As noted in the FAQ, (https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809) Gainsight can provide the IP ranges and subnets that Salesforce login events from the Gainsight Connector should originate from. At this time, these details can only be shared through a support ticket. If you need this information, please open a ticket with our Support team.

We are committed to keeping you informed, and we appreciate your patience and partnership

Identified: We continue to work on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. Additionally Zendesk connector access has been revoked as a precaution. Please refer to our detailed Salesforce - Gainsight Connected App Incident FAQ (November 20th Afternoon Update): https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

Identified: Investigation is ongoing and we will share updates as more information becomes available. We appreciate your patience and understanding.

Identified: Access to Gainsight via Salesforce remains unavailable at this time. We continue to work closely with Salesforce to investigate and resolve the connection issue impacting Gainsight-published applications on the Salesforce platform. Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues.

Our security and engineering teams are collaborating with Salesforce to analyze the technical details, validate configurations, and determine safe restoration steps. We are continuing to consolidate information internally and externally and will provide a detailed update within the next 1 hour.

Identified: Customers using Hubspot might find that the Gainsight app has been temporarily pulled from the Hubspot Marketplace as a precautionary measure. This may also impact Oauth access for customer connections while the review is taking place. We will work with Hubspot on re-listing after thorough review. No suspicious activity related to Hubspot has been observed at this point. These are precautionary steps only. Thank you for your patience, we will share additional updates as more information becomes available.

Identified: We continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications. Our internal investigation is ongoing, We will share additional updates as more information becomes available.

Identified: We continue to investigate the Salesforce connection issue identified earlier today. Further updates will be provided as soon as more information is available.

Identified: We are continuing to work on a fix for this issue.

Identified: We are continuing to work on a fix for this issue.

Identified: We are actively investigating the issue and continuing to monitor the situation closely. We will share further updates as soon as more information becomes available.

Identified: We have identified connection failures resulting from Salesforce revoking active access for Gainsight SFDC Connector. https://status.salesforce.com/generalmessages/20000233

This is currently causing disruptions to Gainsight functionalities that rely on synchronous or real-time API interactions with Salesforce.

We are investigating further and will update as we have more details.

Investigating: We are investigating reports of Salesforce Connection failures.
We will update soon as we have more details.