Gainsight incident

Salesforce Connection Restoration

Major Resolved View vendor source →

Gainsight experienced a major incident on November 20, 2025 affecting Gainsight CS US1 Application and Gainsight CS US2 Application and 1 more component, lasting 118d 12h. The incident has been resolved; the full update timeline is below.

Started
Nov 20, 2025, 04:33 AM UTC
Resolved
Mar 18, 2026, 04:35 PM UTC
Duration
118d 12h
Detected by Pingoru
Nov 20, 2025, 04:33 AM UTC

Affected components

Gainsight CS US1 ApplicationGainsight CS US2 ApplicationGainsight CS EU ApplicationEU Gainsight Salesforce IntegrationUS2 Gainsight Salesforce IntegrationUS1 Gainsight Salesforce Integration

Update timeline

  1. investigating Nov 20, 2025, 03:53 AM UTC

    We are investigating reports of Salesforce Connection failures. We will update soon as we have more details.

  2. identified Nov 20, 2025, 04:33 AM UTC

    We have identified connection failures resulting from Salesforce revoking active access for Gainsight SFDC Connector. https://status.salesforce.com/generalmessages/20000233 This is currently causing disruptions to Gainsight functionalities that rely on synchronous or real-time API interactions with Salesforce. We are investigating further and will update as we have more details.

  3. identified Nov 20, 2025, 07:22 AM UTC

    We are actively investigating the issue and continuing to monitor the situation closely. We will share further updates as soon as more information becomes available.

  4. identified Nov 20, 2025, 07:34 AM UTC

    We are continuing to work on a fix for this issue.

  5. identified Nov 20, 2025, 07:56 AM UTC

    We are continuing to work on a fix for this issue.

  6. identified Nov 20, 2025, 11:22 AM UTC

    We continue to investigate the Salesforce connection issue identified earlier today. Further updates will be provided as soon as more information is available.

  7. identified Nov 20, 2025, 05:35 PM UTC

    We continue to work closely with Salesforce as they investigate the unusual activity that led to the revocation of access tokens for Gainsight-published applications. Our internal investigation is ongoing, We will share additional updates as more information becomes available.

  8. identified Nov 20, 2025, 08:36 PM UTC

    Customers using Hubspot might find that the Gainsight app has been temporarily pulled from the Hubspot Marketplace as a precautionary measure. This may also impact Oauth access for customer connections while the review is taking place. We will work with Hubspot on re-listing after thorough review. No suspicious activity related to Hubspot has been observed at this point. These are precautionary steps only. Thank you for your patience, we will share additional updates as more information becomes available.

  9. identified Nov 21, 2025, 12:26 AM UTC

    Access to Gainsight via Salesforce remains unavailable at this time. We continue to work closely with Salesforce to investigate and resolve the connection issue impacting Gainsight-published applications on the Salesforce platform. Salesforce has temporarily revoked active access tokens for Gainsight-connected apps as a precautionary measure while their investigation into unusual activity continues. Our security and engineering teams are collaborating with Salesforce to analyze the technical details, validate configurations, and determine safe restoration steps. We are continuing to consolidate information internally and externally and will provide a detailed update within the next 1 hour.

  10. identified Nov 21, 2025, 01:46 AM UTC

    Investigation is ongoing and we will share updates as more information becomes available. We appreciate your patience and understanding.

  11. identified Nov 21, 2025, 01:56 AM UTC

    We continue to work on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. Additionally Zendesk connector access has been revoked as a precaution. Please refer to our detailed Salesforce - Gainsight Connected App Incident FAQ (November 20th Afternoon Update): https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

  12. identified Nov 21, 2025, 05:38 AM UTC

    We want to provide more information on the issue we shared earlier today. We have engaged Mandiant, a leader in cybersecurity, to assist us in our comprehensive, independent forensic investigation. Our current findings indicate that the activity under investigation originated from the applications’ external connection — not from any issue or vulnerability within the Salesforce platform. Salesforce has independently notified known affected customers and continues to investigate. As noted in the FAQ, (https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809) Gainsight can provide the IP ranges and subnets that Salesforce login events from the Gainsight Connector should originate from. At this time, these details can only be shared through a support ticket. If you need this information, please open a ticket with our Support team. We are committed to keeping you informed, and we appreciate your patience and partnership

  13. identified Nov 21, 2025, 05:22 PM UTC

    We continue to work closely with Salesforce on the ongoing investigation into the connection issue affecting Gainsight-published applications on Salesforce. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

  14. identified Nov 21, 2025, 07:15 PM UTC

    Salesforce has published an updated Security Advisory on unusual activity related to Gainsight-published applications. https://help.salesforce.com/s/articleView?id=005229029&type=1 We continue to work closely with Salesforce as part of the ongoing investigation. Gainsight-published applications remain disconnected from Salesforce at this time. We will provide further updates as additional information becomes available.

  15. identified Nov 22, 2025, 02:39 AM UTC

    We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

  16. identified Nov 22, 2025, 06:11 AM UTC

    Salesforce - Gainsight Connected App Incident FAQ (November 21st Update) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

  17. identified Nov 22, 2025, 09:19 PM UTC

    We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809

  18. identified Nov 23, 2025, 01:35 AM UTC

    Salesforce - Gainsight Connected App Incident FAQ Update (November 22) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

  19. identified Nov 23, 2025, 07:01 PM UTC

    We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 which will be updated every 24 hours with any new information.

  20. identified Nov 24, 2025, 02:34 AM UTC

    Salesforce - Gainsight Connected App Incident FAQ Update (November 23) - https://communities.gainsight.com/community-news-2/salesforce-gainsight-connected-app-incident-faqs-29809 We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available.

  21. identified Nov 25, 2025, 03:25 AM UTC

    Salesforce - Gainsight Connected App Incident FAQ Update (November 24). https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809 Forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Thank you for your continued patience while we work to resolve this incident.

  22. identified Nov 27, 2025, 03:39 AM UTC

    We continue to work closely with Salesforce on the ongoing investigation into the incident. In parallel, a forensic analysis is continuing as part of a comprehensive and independent review. We will continue to share updates as the investigation progresses and provide additional information as it becomes available. Customers are advised to promptly rotate all S3 and connector credentials (including BigQuery, Zuora, Snowflake, etc.) used with Gainsight as part of standard security best practices. We have included a PDF with details in our FAQs Community Post. The attachment can be found at the bottom of the post. Please refer to the current active FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  23. identified Nov 29, 2025, 02:22 AM UTC

    Google SSO logins (Gsuite) are currently failing for small subset of customers who use Google OAuth to sign into Gainsight. To ensure uninterrupted access, we would like to propose an alternative approach using SAML authentication. We support SAML setup with any Identity Provider, including Azure, OneLogin and Google. Our team will be happy to guide you through this configuration. Please see the question “My Google SSO login into Gainsight is failing. What can I do?” in our FAQ for more info - https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  24. identified Dec 01, 2025, 08:26 PM UTC

    All customers using Google SSO OAuth, are strongly advised to complete the steps in the FAQ item item “My Google SSO login into Gainsight is failing. What can I do?”— even if access to Gainsight is still functioning—to move to SAML based authentication. In addition, updated guidance is available for re-authenticating the GS Assist Gmail plugin and Gmail calendar integration, if you are running into issues with these features. FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  25. identified Dec 02, 2025, 01:49 AM UTC

    A new update regarding IOCs and Office Hours can be found in the FAQs. FAQs: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  26. identified Dec 03, 2025, 03:29 AM UTC

    No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  27. identified Dec 03, 2025, 04:19 PM UTC

    No updates to the FAQ as we continue to work through the investigation. Please review the Office Hours schedule mentioned in the current FAQ: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  28. identified Dec 04, 2025, 01:14 AM UTC

    On December 4th, between 6:00 AM - 9:00 AM PT, we will deactivate S3 connections for customers whose S3 access keys have not been rotated since before January 2025 as part of the remediation effort. Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  29. identified Dec 04, 2025, 05:32 PM UTC

    As part of the remediation effort, we completed the task of deactivating S3 connections for customers whose S3 access keys have not been rotated since before January 2025. Please see the “Important NOTE” section at the top of the FAQ for quick reconnection steps: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  30. identified Dec 06, 2025, 02:52 AM UTC

    We have updated FAQ to add in key questions asked in this week’s office hours. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  31. identified Dec 08, 2025, 08:43 PM UTC

    We wanted to share an important update: both Mandiant and CrowdStrike have completed their independent investigations. We’ve already shared this investigation summary with Salesforce and are now reviewing the findings together. Once those conversations are complete, we’ll publish the investigation summary on our Trust site, so you have full visibility as well. In parallel, we are proactively working with our partners at Zendesk, HubSpot, and Gong.io to keep them fully updated so we can get those integrations re-enabled as quickly and safely as possible. Thank you for your patience and partnership as we work through this final step. For additional clarifying info see https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  32. identified Dec 09, 2025, 04:55 AM UTC

    Please see an important status update from our CEO Chuck Ganapathi regarding the completion of security investigations: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  33. identified Dec 10, 2025, 01:27 AM UTC

    We’ve added resources to help Gainsight admins get ready for reconnecting with Salesforce once restoration begins. Visit our Community post for details and Office Hours registration. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  34. identified Dec 10, 2025, 06:46 PM UTC

    Great news — Salesforce has approved the Gainsight Managed Package with UI. This means you can once again access the Gainsight UI directly inside Salesforce, just as you could before. Salesforce has also approved the Gainsight Connected Apps that power data exchange between Gainsight and Salesforce. With this approval in place, customers can begin bringing their Salesforce-connected workflows back online. To resume data flow, the Gainsight Connected App needs to be reauthorized. We’re excited to be moving into this restoration phase and will continue to share updates and guidance as more functionality comes back online. A follow-up with more details will be coming later today.

  35. identified Dec 11, 2025, 12:14 AM UTC

    Please see FAQs for updated instructions on how to get the Gainsight-Saleforce connection working. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  36. identified Dec 12, 2025, 08:58 AM UTC

    Salesforce connectivity for Gainsight CS has been approved and restoration is underway. Core Salesforce-dependent workflows are now available after reauthorization, with additional features being brought back online progressively. See the https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809 for details and next steps.

  37. monitoring Dec 12, 2025, 08:56 PM UTC

    The new managed package that powers the data integration between Gainsight CS and Salesforce has successfully completed the AppExchange security review and has been published (may take a bit to show up in search due to indexing). You can continue using the installation links included in our community post under the December 11th update "How can I get the Gainsight-Salesforce connection working now?" until they show up in search. In addition, you won't see the warning message highlighted in the post anymore. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  38. monitoring Dec 16, 2025, 12:30 AM UTC

    We’ve published Community updates on Gainsight’s Salesforce Managed Packages, the status of HubSpot, Gong.io, and Zendesk integrations, and Slack app progress. The Staircase Slack app is now re-enabled, with other CS Slack apps coming soon. Please review the Community link for the latest information. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  39. monitoring Dec 18, 2025, 01:10 AM UTC

    CS Slack apps have been re-enabled and re-listed! https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  40. monitoring Dec 18, 2025, 08:33 AM UTC

    Hubspot connector with Gainsight has been approved for use. Here are the instructions in FAQ on how to re-enable your Hubspot connector. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  41. monitoring Dec 18, 2025, 06:16 PM UTC

    Resolved: The Salesforce Connector access issue identified earlier today has been fully addressed. Connectivity has been restored and no further action is needed. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  42. monitoring Dec 19, 2025, 07:10 AM UTC

    Gong.io connector with Gainsight has been approved for use. Here are instructions in FAQ on how to re-enable your Gong.io connector. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-faqs-29809

  43. monitoring Dec 19, 2025, 08:20 PM UTC

    To improve stability following Gong.io re-enablement, call syncs are temporarily running twice daily (12:00 AM and 12:00 PM UTC). See the Community FAQ for details: https://communities.gainsight.com/community-news-2/salesforce-security-advisory-faqs-29809

  44. monitoring Dec 20, 2025, 11:59 PM UTC

    CS SSO Managed Package Is Now Available on Salesforce AppExchange. Details updated in FAQ. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-faqs-29809

  45. monitoring Dec 22, 2025, 10:37 PM UTC

    The new Staircase Salesforce Connector is now available and recommended for all new connections. Existing connections will continue to work for now; see the Community post for details and documentation. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-faqs-29809

  46. monitoring Dec 25, 2025, 12:38 AM UTC

    The Zendesk Connector 2.0 is now available for authorization and use with Gainsight CS. Zendesk Connector 1.0 is deprecated, and the Zendesk Widget is not yet enabled—see Community for details. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  47. monitoring Dec 27, 2025, 01:36 AM UTC

    Salesforce has approved the managed packages for Customer community (CC), Skilljar, Northpass, and PX. Customers can now begin reconnecting these products to Salesforce. Additional guidance will be shared as reconnections progress.

  48. monitoring Jan 07, 2026, 10:59 PM UTC

    All required Gainsight Salesforce managed packages (UI and data connectors across CS, Northpass, Skilljar, PX, and Staircase) are now approved and available on the Salesforce AppExchange. See Community for details - https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  49. monitoring Jan 12, 2026, 06:28 PM UTC

    Some customers have received targeted outreach regarding upcoming security and Salesforce integration updates. A Community post is available for broader awareness and details on who is impacted. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  50. monitoring Jan 13, 2026, 12:38 AM UTC

    We’ve posted a Community update explaining Salesforce connector reauthorization behavior and how to restore connectivity if it occurs. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  51. monitoring Jan 20, 2026, 11:39 PM UTC

    We’ve posted a Community update with important details about 3rd Party Connected App Key Rotation and Salesforce Managed Package Migration Requirements. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  52. monitoring Jan 26, 2026, 10:03 PM UTC

    Salesforce Connector reauthorization requirement removed. See Community page for more details. https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809

  53. resolved Mar 18, 2026, 04:35 PM UTC

    This incident has been resolved.