{"key":"NA58","location":"NA","environment":"production","releaseVersion":"Winter '21 Patch 11.7","releaseNumber":"228.11.7","status":"OK","isActive":false,"createdAt":"2017-05-21T06:59:17.376Z","updatedAt":"2025-04-17T17:05:54.004Z","city":"","stateName":"","stateCode":"","countryName":"","countryCode":"","maintenanceWindow":"Sundays 12:00 AM - 4:00 AM PST","Services":[{"key":"analytics","order":10,"isCore":false},{"key":"B2BCommerce","order":1300,"isCore":false},{"key":"Communities","order":200,"isCore":false},{"key":"coreService","order":1,"isCore":true},{"key":"CPQandBilling","order":100,"isCore":false},{"key":"Customer360Audiences","order":500,"isCore":false},{"key":"EinsteinBots","order":110,"isCore":false},{"key":"liveAgent","order":20,"isCore":false},{"key":"SalesforceCMS","order":1200,"isCore":false},{"key":"SALESFORCEORDERMANAGEMENT","order":1210,"isCore":false},{"key":"search","order":5,"isCore":false},{"key":"ServiceCloudVoice","order":600,"isCore":false}],"Products":[{"key":"Salesforce_Services","order":0,"isActive":true,"name":"Salesforce Services","altDisplayName":"Sales and Service","url":"/products/Salesforce_Services"}],"Incidents":[],"Tags":[],"GeneralMessages":[{"id":20000217,"subject":"Security Advisory: Unusual Activity in a Third Party Connected App","body":"We want to inform our customers about a recent security incident involving the Drift app, published by Salesloft, that was installed by individual customers. Salesforce security teams detected unusual activity that may have resulted in unauthorized access to a small number of customers’ orgs data via the app's connection to Salesforce.\n\nIt is important to note that this issue did not stem from a vulnerability within the core Salesforce platform, but rather from a compromise of the app's connection.\n\nUpon detecting the activity, Salesloft, in collaboration with Salesforce, invalidated active Access and Refresh Tokens, and removed Drift from AppExchange. We then notified affected customers.\n\nWe’re continuing to work with Salesloft as part of our investigation and provide updates as appropriate, including notifying and supporting affected customers with remediation. If you need support, please reach out through Salesforce Help: https://help.salesforce.com/s. ","incidentId":null,"publicView":true,"startDate":"2025-08-27T00:56:00.000Z","endDate":null,"createdAt":"2025-08-26T17:59:10.716Z","updatedAt":"2025-10-02T16:00:07.712Z","externalId":null,"isVisibleWhenClosed":false,"isVisible":true,"informationalMessageType":"informationalMessage","status":"Active","timeline":[{"title":"Update","content":"Salesforce has re-enabled integrations with Salesloft technologies, with the exception of any Drift app. Drift will remain disabled until further notice as part of our continued response to the security incident. This decision follows security measures and remediation steps implemented by Salesloft, which were independently validated by Mandiant.\n\nFor full details and guidance from Salesforce, please continue to follow https://help.salesforce.com/s/articleView?id=005134951&type=1. \nFor Salesloft’s latest investigation and remediation updates, see https://trust.salesloft.com/?uid=Update+on+Mandiant+Drift+and+Salesloft+Application+Investigations","createdAt":"2025-09-07T17:51:45.082Z","updatedAt":"2025-09-07T17:51:45.085Z","entryType":"informational_message_update","sourceId":326,"sourceType":"update"},{"title":"Update","content":"Salesforce has disabled all integrations between Salesforce and Salesloft technologies, including the Drift app. As a result, organizations will not be able to connect to Salesforce via any Salesloft apps until further notice. Our teams are continuing to assess the situation, and we will provide further updates as appropriate. \n\nFor additional details, including guidance and future updates, please visit our knowledge article: https://help.salesforce.com/s/articleView?id=005134951&type=1.","createdAt":"2025-08-28T19:16:16.810Z","updatedAt":"2025-08-28T19:16:16.814Z","entryType":"informational_message_update","sourceId":325,"sourceType":"update"},{"title":"Update","content":"To protect our customers, Salesforce has disabled the connection between the Drift app, published by Salesloft, and Salesforce as part of our response to the recent security incident. This issue is limited to the Drift app’s connection and did not arise from a vulnerability within the Salesforce platform.\n\nOn August 28, 2025, at 04:09 UTC, we took this action out of an abundance of caution and as part of our ongoing security investigation. As a result, customers will not be able to connect to Salesforce via the Drift app until further notice.\n\nDisabling the connection is a precautionary measure to help safeguard customer environments while we continue to assess and address the situation. We recognize this change may cause disruption and will provide further updates as more information becomes available.\n\nFor additional details, please visit: https://help.salesforce.com/s/articleView?id=005134951&type=1","createdAt":"2025-08-28T04:39:04.062Z","updatedAt":"2025-08-28T04:39:04.067Z","entryType":"informational_message_update","sourceId":324,"sourceType":"update"},{"title":"Security Advisory: Unusual Activity in a Third Party Connected App","content":"We want to inform our customers about a recent security incident involving the Drift app, published by Salesloft, that was installed by individual customers. Salesforce security teams detected unusual activity that may have resulted in unauthorized access to a small number of customers’ orgs data via the app's connection to Salesforce.\n\nIt is important to note that this issue did not stem from a vulnerability within the core Salesforce platform, but rather from a compromise of the app's connection.\n\nUpon detecting the activity, Salesloft, in collaboration with Salesforce, invalidated active Access and Refresh Tokens, and removed Drift from AppExchange. We then notified affected customers.\n\nWe’re continuing to work with Salesloft as part of our investigation and provide updates as appropriate, including notifying and supporting affected customers with remediation. If you need support, please reach out through Salesforce Help: https://help.salesforce.com/s. ","createdAt":"2025-08-26T17:59:10.716Z","updatedAt":"2025-10-02T16:00:07.712Z","entryType":"informational_message_created","sourceId":217,"sourceType":"message"}],"productKeys":[],"InformationalMessageUpdates":[{"id":20000324,"message":"To protect our customers, Salesforce has disabled the connection between the Drift app, published by Salesloft, and Salesforce as part of our response to the recent security incident. This issue is limited to the Drift app’s connection and did not arise from a vulnerability within the Salesforce platform.\n\nOn August 28, 2025, at 04:09 UTC, we took this action out of an abundance of caution and as part of our ongoing security investigation. As a result, customers will not be able to connect to Salesforce via the Drift app until further notice.\n\nDisabling the connection is a precautionary measure to help safeguard customer environments while we continue to assess and address the situation. We recognize this change may cause disruption and will provide further updates as more information becomes available.\n\nFor additional details, please visit: https://help.salesforce.com/s/articleView?id=005134951&type=1","createdAt":"2025-08-28T04:39:04.062Z","updatedAt":"2025-08-28T04:39:04.067Z","GeneralMessageId":20000217},{"id":20000325,"message":"Salesforce has disabled all integrations between Salesforce and Salesloft technologies, including the Drift app. As a result, organizations will not be able to connect to Salesforce via any Salesloft apps until further notice. Our teams are continuing to assess the situation, and we will provide further updates as appropriate. \n\nFor additional details, including guidance and future updates, please visit our knowledge article: https://help.salesforce.com/s/articleView?id=005134951&type=1.","createdAt":"2025-08-28T19:16:16.810Z","updatedAt":"2025-08-28T19:16:16.814Z","GeneralMessageId":20000217},{"id":20000326,"message":"Salesforce has re-enabled integrations with Salesloft technologies, with the exception of any Drift app. Drift will remain disabled until further notice as part of our continued response to the security incident. This decision follows security measures and remediation steps implemented by Salesloft, which were independently validated by Mandiant.\n\nFor full details and guidance from Salesforce, please continue to follow https://help.salesforce.com/s/articleView?id=005134951&type=1. \nFor Salesloft’s latest investigation and remediation updates, see https://trust.salesloft.com/?uid=Update+on+Mandiant+Drift+and+Salesloft+Application+Investigations","createdAt":"2025-09-07T17:51:45.082Z","updatedAt":"2025-09-07T17:51:45.085Z","GeneralMessageId":20000217}]},{"id":20000249,"subject":"Feature Disruption affecting Industry Cloud in sandbox environments","body":"We're investigating an issue affecting a subset of Industry Cloud customers using Communications & Media Technology (CMT),  Communications, Media, and Energy (CME) and Insurance package features in sandbox environments. Users are unable to access those features and are receiving an error prompting them to contact an administrator. We identified a licensing validation issue where the system incorrectly marks valid sandbox licenses as unlicensed, blocking access to these features. This issue was introduced during a recent change. We’re in the process of reverting this change\n\nWe'll provide an update in 60 minutes or sooner if additional information becomes available.\n","incidentId":null,"publicView":true,"startDate":"2026-04-30T11:03:00.000Z","endDate":"2026-05-02T11:00:00.000Z","createdAt":"2026-04-30T12:13:15.815Z","updatedAt":"2026-05-02T17:01:17.813Z","externalId":"90157713","isVisibleWhenClosed":false,"isVisible":true,"informationalMessageType":"informationalMessage","status":"Resolved","timeline":[{"title":"Update","content":"The rollback of the recent change is complete, however, an additional action to clear the org cache is required to bring customers out of impact. If you are impacted by the issue, please raise a support case and our team will perform this manual step to resolve the issue for you. For more information, please see this Known Issue article here: https://help.salesforce.com/s/issue?id=a02Ka00000moMhu","createdAt":"2026-04-30T13:15:26.490Z","updatedAt":"2026-04-30T13:39:38.062Z","entryType":"informational_message_update","sourceId":417,"sourceType":"update"},{"title":"Feature Disruption affecting Industry Cloud in sandbox environments","content":"We're investigating an issue affecting a subset of Industry Cloud customers using Communications & Media Technology (CMT),  Communications, Media, and Energy (CME) and Insurance package features in sandbox environments. Users are unable to access those features and are receiving an error prompting them to contact an administrator. We identified a licensing validation issue where the system incorrectly marks valid sandbox licenses as unlicensed, blocking access to these features. This issue was introduced during a recent change. We’re in the process of reverting this change\n\nWe'll provide an update in 60 minutes or sooner if additional information becomes available.\n","createdAt":"2026-04-30T12:13:15.815Z","updatedAt":"2026-05-02T17:01:17.813Z","entryType":"informational_message_created","sourceId":249,"sourceType":"message"}],"productKeys":[],"InformationalMessageUpdates":[{"id":20000417,"message":"The rollback of the recent change is complete, however, an additional action to clear the org cache is required to bring customers out of impact. If you are impacted by the issue, please raise a support case and our team will perform this manual step to resolve the issue for you. For more information, please see this Known Issue article here: https://help.salesforce.com/s/issue?id=a02Ka00000moMhu","createdAt":"2026-04-30T13:15:26.490Z","updatedAt":"2026-04-30T13:39:38.062Z","GeneralMessageId":20000249}]},{"id":20000250,"subject":"Feature degradation preventing Agent Force from drafting emails","body":"Issue: We’re aware of an issue preventing a subset of customers using the updated Atlas Reasoning Service from using Agent Force to draft emails.\n\nImpact: A subset of customers using the updated Atlas Reasoning Service may be experiencing errors when attempting to use draft emails via Agent Force. ","incidentId":"90219342","publicView":true,"startDate":"2026-05-01T09:00:00.000Z","endDate":"2026-05-02T00:45:00.000Z","createdAt":"2026-05-01T22:44:14.246Z","updatedAt":"2026-05-02T00:56:27.904Z","externalId":null,"isVisibleWhenClosed":false,"isVisible":true,"informationalMessageType":"informationalMessage","status":"Resolved","timeline":[{"title":"Update","content":"A fix was developed, tested, and successfully deployed to all production instances and the team has confirmed the issue is resolved. \n\nWe apologize for how you and your business may have been affected by this incident.","createdAt":"2026-05-02T00:56:27.908Z","updatedAt":"2026-05-02T00:56:27.911Z","entryType":"informational_message_update","sourceId":420,"sourceType":"update"},{"title":"Update","content":"Our engineering teams identified the issue and are actively deploying a fix across all production instances.\n\nWe will provide another update as additional information becomes available.","createdAt":"2026-05-02T00:23:44.616Z","updatedAt":"2026-05-02T00:23:44.617Z","entryType":"informational_message_update","sourceId":419,"sourceType":"update"},{"title":"Update","content":"Upon investigating the issue, we've found the potential trigger and are developing a fix to mitigate impact to customers. \n\nWe will provide another update as additional information becomes available.","createdAt":"2026-05-01T22:58:11.688Z","updatedAt":"2026-05-01T22:58:11.690Z","entryType":"informational_message_update","sourceId":418,"sourceType":"update"},{"title":"Feature degradation preventing Agent Force from drafting emails","content":"Issue: We’re aware of an issue preventing a subset of customers using the updated Atlas Reasoning Service from using Agent Force to draft emails.\n\nImpact: A subset of customers using the updated Atlas Reasoning Service may be experiencing errors when attempting to use draft emails via Agent Force. ","createdAt":"2026-05-01T22:44:14.246Z","updatedAt":"2026-05-02T00:56:27.904Z","entryType":"informational_message_created","sourceId":250,"sourceType":"message"}],"productKeys":[],"InformationalMessageUpdates":[{"id":20000418,"message":"Upon investigating the issue, we've found the potential trigger and are developing a fix to mitigate impact to customers. \n\nWe will provide another update as additional information becomes available.","createdAt":"2026-05-01T22:58:11.688Z","updatedAt":"2026-05-01T22:58:11.690Z","GeneralMessageId":20000250},{"id":20000419,"message":"Our engineering teams identified the issue and are actively deploying a fix across all production instances.\n\nWe will provide another update as additional information becomes available.","createdAt":"2026-05-02T00:23:44.616Z","updatedAt":"2026-05-02T00:23:44.617Z","GeneralMessageId":20000250},{"id":20000420,"message":"A fix was developed, tested, and successfully deployed to all production instances and the team has confirmed the issue is resolved. \n\nWe apologize for how you and your business may have been affected by this incident.","createdAt":"2026-05-02T00:56:27.908Z","updatedAt":"2026-05-02T00:56:27.911Z","GeneralMessageId":20000250}]},{"id":20000252,"subject":"Cross-Cloud Performance degradation ","body":"Impact: A subset of customers in the US-East-1 region may have experienced performance degradation.\n\nAll impacted Salesforce services are now fully operational.\n\nRecovered Services: \nHeroku: Recovered at 17:17 UTC\nMuleSoft: Recovered at 07:26 UTC.\nMarketing Cloud Personalization: Recovered at 01:30 UTC\nMarketing Cloud Intelligence: Recovered on 09 May 2026, at 15:00 UTC ","incidentId":null,"publicView":true,"startDate":"2026-05-07T18:37:00.000Z","endDate":"2026-05-10T06:30:00.000Z","createdAt":"2026-05-08T02:42:08.689Z","updatedAt":"2026-05-10T07:34:29.573Z","externalId":"90420186","isVisibleWhenClosed":false,"isVisible":true,"informationalMessageType":"informationalMessage","status":"Resolved","timeline":[{"title":"Update","content":"Upon further investigation, we determined that the recovered time for Marketing Cloud Intelligence was different than initially understood. We have now revised the recovered time of the post to more accurately reflect the time the recovery was completed.","createdAt":"2026-05-10T07:34:29.576Z","updatedAt":"2026-05-10T07:34:29.578Z","entryType":"informational_message_update","sourceId":435,"sourceType":"update"},{"title":"Update","content":"Marketing Cloud Intelligence experienced the most significant impact, including dashboard loading issues and delays in data insertion. All databases have been successfully restored to their original availability zone.\n\nThe third-party vendor has confirmed that the majority of impacted infrastructure resources in the affected availability zone have been restored. A small residual subset continues recovery, with full restoration expected by the third-party vendor.","createdAt":"2026-05-10T06:35:08.361Z","updatedAt":"2026-05-10T06:35:08.363Z","entryType":"informational_message_update","sourceId":434,"sourceType":"update"},{"title":"Update","content":"We have successfully applied the fix to all remaining affected Heroku customers and Heroku databases and web applications are now fully operational for all customers. \n\nIn parallel, we're continuing to evaluate whether we can manually fail over the Marketing Cloud Intelligence service to a different availability zone. \nWe'll provide an update when additional information becomes available","createdAt":"2026-05-08T19:19:49.154Z","updatedAt":"2026-05-08T19:19:49.157Z","entryType":"informational_message_update","sourceId":432,"sourceType":"update"},{"title":"Update","content":"While the majority of Heroku customers are now out of impact, we’ve determined that a small subset of customers may still be experiencing a read-only state with their databases. We're actively working to restore full functionality for all remaining affected customers. In parallel, we're continuing to evaluate whether we can manually fail over the Marketing Cloud Intelligence service to a different availability zone. \nWe'll provide an update when additional information becomes available.","createdAt":"2026-05-08T16:21:22.447Z","updatedAt":"2026-05-08T16:21:22.449Z","entryType":"informational_message_update","sourceId":431,"sourceType":"update"},{"title":"Update","content":"The Heroku-hosted web applications and customer databases are now fully operational after the migration to a new availability zone. In parallel, we're continuing to evaluate whether we can manually fail over the Marketing Cloud Intelligence service to a different availability zone. \nWe'll provide an update when additional information becomes available.","createdAt":"2026-05-08T15:48:58.081Z","updatedAt":"2026-05-08T15:48:58.083Z","entryType":"informational_message_update","sourceId":430,"sourceType":"update"},{"title":"Update","content":"The impact to the Heroku service wasn't resolved as was previously understood. Customers are experiencing that their web apps are failing and returning 500 errors. This is due to the underlying databases being inaccessible. \n\nThe latest update from our upstream service provider is that they're still working to resolve the issue on their end. \n\nIn parallel, we are evaluating whether we can manually fail over the Marketing Cloud Intelligence service to a different availability zone. \n\nWe will provide an update when additional information becomes available.","createdAt":"2026-05-08T14:52:54.948Z","updatedAt":"2026-05-08T14:52:54.950Z","entryType":"informational_message_update","sourceId":429,"sourceType":"update"},{"title":"Update","content":"We’ve identified that the Marketing Cloud Personalization service was also impacted by this issue. Customers may have received 500 errors when using the service. Remediation steps were taken by routing traffic to a healthy availability zone and this brought customers out of impact at 01:30 UTC. \n\nWork is still underway to resolve the impact to Marketing Cloud Intelligence customers. \n\nWe will provide an update when additional information becomes available.","createdAt":"2026-05-08T13:31:12.448Z","updatedAt":"2026-05-08T13:31:12.450Z","entryType":"informational_message_update","sourceId":428,"sourceType":"update"},{"title":"Update","content":"Upon further investigation, it has been confirmed that Marketing Cloud Account Engagement customers were incorrectly identified as having been impacted. We apologize for any confusion caused by this.\n\nWe are continuing to work with our vendor to resolve the remaining impact to Marketing Cloud Intelligence and will provide an update when additional information becomes available.","createdAt":"2026-05-08T12:48:21.854Z","updatedAt":"2026-05-08T12:48:21.856Z","entryType":"informational_message_update","sourceId":427,"sourceType":"update"},{"title":"Update","content":"Our upstream service provider is making progress to resolve this issue and as part of their recovery efforts, a subset of our services are now out of impact. The services which have recovered include MuleSoft, Heroku, and Marketing Cloud Account Engagement.\n\nThe only remaining Salesforce service which remains impacted is Marketing Cloud Intelligence.  Customers using this service are experiencing issues loading their dashboards.\n\nWe don't have an estimated time for when impact to Marketing Cloud Intelligence will be fully restored and are continuing to work with our upstream service provider.\n\nWe'll provide an update when have additional information.","createdAt":"2026-05-08T12:33:31.970Z","updatedAt":"2026-05-08T12:46:26.752Z","entryType":"informational_message_update","sourceId":426,"sourceType":"update"},{"title":"Update","content":"We continue to work with our third-party infrastructure provider to restore remaining impacted services in the US-East-1 region where customers may experience slow performance, intermittent errors, dashboard loading issues, or feature access issues affecting Heroku, Marketing Cloud Intelligence, and Marketing Cloud Account Engagement services.\n\nRecovery efforts and infrastructure stabilization activities remain in progress, and workloads continue to be redirected to healthy infrastructure. \n\nSeveral services moved to healthy infrastructure have recovered and are operating business as usual, including MuleSoft. However, a subset of customers may still experience slow performance, intermittent errors, or feature access issues across some Salesforce services.\n\nWe remain engaged in monitoring service health and validating recovery across impacted services.","createdAt":"2026-05-08T08:48:50.714Z","updatedAt":"2026-05-08T08:56:07.230Z","entryType":"informational_message_update","sourceId":425,"sourceType":"update"},{"title":"Update","content":"Service recovery is progressing and workloads continue to be redirected to healthy infrastructure. Services that have been moved to healthy infrastructure have recovered and are operating at normal service levels. We have no ETA for when all impacted services will be fully restored at this time. \n\nWe'll provide an update in 60 minutes or sooner if additional information becomes available.","createdAt":"2026-05-08T05:12:30.538Z","updatedAt":"2026-05-08T05:12:30.540Z","entryType":"informational_message_update","sourceId":424,"sourceType":"update"},{"title":"Update","content":"We continue to monitor all affected services and are engaging our third-party infrastructure provider to accelerate recovery. We're also taking steps to redirect workloads to healthy infrastructure.\n\nWe'll provide an update in 60 minutes or sooner if additional information becomes available.","createdAt":"2026-05-08T04:18:59.162Z","updatedAt":"2026-05-08T04:18:59.165Z","entryType":"informational_message_update","sourceId":423,"sourceType":"update"},{"title":"Update","content":"We continue to assess the impact across various cloud services. We identified the issue as an infrastructure problem affecting a single availability zone in the US East region. \nWe're working with a third-party vendor, and are redirecting traffic away from the affected infrastructure. We continue to monitor service health and work with our infrastructure provider toward full service restoration.\n\nWe'll provide another update in 60 minutes, or sooner if additional information becomes available.","createdAt":"2026-05-08T03:08:11.023Z","updatedAt":"2026-05-08T03:08:11.026Z","entryType":"informational_message_update","sourceId":422,"sourceType":"update"},{"title":"Cross-Cloud Performance degradation ","content":"Impact: A subset of customers in the US-East-1 region may have experienced performance degradation.\n\nAll impacted Salesforce services are now fully operational.\n\nRecovered Services: \nHeroku: Recovered at 17:17 UTC\nMuleSoft: Recovered at 07:26 UTC.\nMarketing Cloud Personalization: Recovered at 01:30 UTC\nMarketing Cloud Intelligence: Recovered on 09 May 2026, at 15:00 UTC ","createdAt":"2026-05-08T02:42:08.689Z","updatedAt":"2026-05-10T07:34:29.573Z","entryType":"informational_message_created","sourceId":252,"sourceType":"message"}],"productKeys":[],"InformationalMessageUpdates":[{"id":20000422,"message":"We continue to assess the impact across various cloud services. We identified the issue as an infrastructure problem affecting a single availability zone in the US East region. \nWe're working with a third-party vendor, and are redirecting traffic away from the affected infrastructure. We continue to monitor service health and work with our infrastructure provider toward full service restoration.\n\nWe'll provide another update in 60 minutes, or sooner if additional information becomes available.","createdAt":"2026-05-08T03:08:11.023Z","updatedAt":"2026-05-08T03:08:11.026Z","GeneralMessageId":20000252},{"id":20000423,"message":"We continue to monitor all affected services and are engaging our third-party infrastructure provider to accelerate recovery. We're also taking steps to redirect workloads to healthy infrastructure.\n\nWe'll provide an update in 60 minutes or sooner if additional information becomes available.","createdAt":"2026-05-08T04:18:59.162Z","updatedAt":"2026-05-08T04:18:59.165Z","GeneralMessageId":20000252},{"id":20000424,"message":"Service recovery is progressing and workloads continue to be redirected to healthy infrastructure. Services that have been moved to healthy infrastructure have recovered and are operating at normal service levels. We have no ETA for when all impacted services will be fully restored at this time. \n\nWe'll provide an update in 60 minutes or sooner if additional information becomes available.","createdAt":"2026-05-08T05:12:30.538Z","updatedAt":"2026-05-08T05:12:30.540Z","GeneralMessageId":20000252},{"id":20000425,"message":"We continue to work with our third-party infrastructure provider to restore remaining impacted services in the US-East-1 region where customers may experience slow performance, intermittent errors, dashboard loading issues, or feature access issues affecting Heroku, Marketing Cloud Intelligence, and Marketing Cloud Account Engagement services.\n\nRecovery efforts and infrastructure stabilization activities remain in progress, and workloads continue to be redirected to healthy infrastructure. \n\nSeveral services moved to healthy infrastructure have recovered and are operating business as usual, including MuleSoft. However, a subset of customers may still experience slow performance, intermittent errors, or feature access issues across some Salesforce services.\n\nWe remain engaged in monitoring service health and validating recovery across impacted services.","createdAt":"2026-05-08T08:48:50.714Z","updatedAt":"2026-05-08T08:56:07.230Z","GeneralMessageId":20000252},{"id":20000426,"message":"Our upstream service provider is making progress to resolve this issue and as part of their recovery efforts, a subset of our services are now out of impact. The services which have recovered include MuleSoft, Heroku, and Marketing Cloud Account Engagement.\n\nThe only remaining Salesforce service which remains impacted is Marketing Cloud Intelligence.  Customers using this service are experiencing issues loading their dashboards.\n\nWe don't have an estimated time for when impact to Marketing Cloud Intelligence will be fully restored and are continuing to work with our upstream service provider.\n\nWe'll provide an update when have additional information.","createdAt":"2026-05-08T12:33:31.970Z","updatedAt":"2026-05-08T12:46:26.752Z","GeneralMessageId":20000252},{"id":20000427,"message":"Upon further investigation, it has been confirmed that Marketing Cloud Account Engagement customers were incorrectly identified as having been impacted. We apologize for any confusion caused by this.\n\nWe are continuing to work with our vendor to resolve the remaining impact to Marketing Cloud Intelligence and will provide an update when additional information becomes available.","createdAt":"2026-05-08T12:48:21.854Z","updatedAt":"2026-05-08T12:48:21.856Z","GeneralMessageId":20000252},{"id":20000428,"message":"We’ve identified that the Marketing Cloud Personalization service was also impacted by this issue. Customers may have received 500 errors when using the service. Remediation steps were taken by routing traffic to a healthy availability zone and this brought customers out of impact at 01:30 UTC. \n\nWork is still underway to resolve the impact to Marketing Cloud Intelligence customers. \n\nWe will provide an update when additional information becomes available.","createdAt":"2026-05-08T13:31:12.448Z","updatedAt":"2026-05-08T13:31:12.450Z","GeneralMessageId":20000252},{"id":20000429,"message":"The impact to the Heroku service wasn't resolved as was previously understood. Customers are experiencing that their web apps are failing and returning 500 errors. This is due to the underlying databases being inaccessible. \n\nThe latest update from our upstream service provider is that they're still working to resolve the issue on their end. \n\nIn parallel, we are evaluating whether we can manually fail over the Marketing Cloud Intelligence service to a different availability zone. \n\nWe will provide an update when additional information becomes available.","createdAt":"2026-05-08T14:52:54.948Z","updatedAt":"2026-05-08T14:52:54.950Z","GeneralMessageId":20000252},{"id":20000430,"message":"The Heroku-hosted web applications and customer databases are now fully operational after the migration to a new availability zone. In parallel, we're continuing to evaluate whether we can manually fail over the Marketing Cloud Intelligence service to a different availability zone. \nWe'll provide an update when additional information becomes available.","createdAt":"2026-05-08T15:48:58.081Z","updatedAt":"2026-05-08T15:48:58.083Z","GeneralMessageId":20000252},{"id":20000431,"message":"While the majority of Heroku customers are now out of impact, we’ve determined that a small subset of customers may still be experiencing a read-only state with their databases. We're actively working to restore full functionality for all remaining affected customers. In parallel, we're continuing to evaluate whether we can manually fail over the Marketing Cloud Intelligence service to a different availability zone. \nWe'll provide an update when additional information becomes available.","createdAt":"2026-05-08T16:21:22.447Z","updatedAt":"2026-05-08T16:21:22.449Z","GeneralMessageId":20000252},{"id":20000432,"message":"We have successfully applied the fix to all remaining affected Heroku customers and Heroku databases and web applications are now fully operational for all customers. \n\nIn parallel, we're continuing to evaluate whether we can manually fail over the Marketing Cloud Intelligence service to a different availability zone. \nWe'll provide an update when additional information becomes available","createdAt":"2026-05-08T19:19:49.154Z","updatedAt":"2026-05-08T19:19:49.157Z","GeneralMessageId":20000252},{"id":20000434,"message":"Marketing Cloud Intelligence experienced the most significant impact, including dashboard loading issues and delays in data insertion. All databases have been successfully restored to their original availability zone.\n\nThe third-party vendor has confirmed that the majority of impacted infrastructure resources in the affected availability zone have been restored. A small residual subset continues recovery, with full restoration expected by the third-party vendor.","createdAt":"2026-05-10T06:35:08.361Z","updatedAt":"2026-05-10T06:35:08.363Z","GeneralMessageId":20000252},{"id":20000435,"message":"Upon further investigation, we determined that the recovered time for Marketing Cloud Intelligence was different than initially understood. We have now revised the recovered time of the post to more accurately reflect the time the recovery was completed.","createdAt":"2026-05-10T07:34:29.576Z","updatedAt":"2026-05-10T07:34:29.578Z","GeneralMessageId":20000252}]},{"id":20000244,"subject":"Security Advisory: Protecting Experience Cloud Sites from Guest User Misconfigurations ","body":"Salesforce is actively monitoring threat activity targeting public-facing Experience Cloud sites, including attempts to take advantage of overly permissive guest user configurations.\n\nAt this time, we have not identified any vulnerability inherent to the Salesforce platform associated with this activity. These attempts are focused on customer configuration settings that, if not properly secured, may increase exposure.\n\nWe encourage customers to review their Experience Cloud guest user settings and take immediate recommended actions. For additional details and steps to help protect your org, please see our blog: https://www.salesforce.com/blog/protecting-your-data-essential-actions-to-secure-experience-cloud-guest-user-access/","incidentId":null,"publicView":true,"startDate":"2026-03-08T04:00:00.000Z","endDate":null,"createdAt":"2026-03-07T23:06:36.591Z","updatedAt":"2026-03-07T23:07:25.213Z","externalId":null,"isVisibleWhenClosed":false,"isVisible":true,"informationalMessageType":"informationalMessage","status":"Active","timeline":[{"title":"Update","content":"Salesforce is actively monitoring threat activity targeting public-facing Experience Cloud sites, including attempts to take advantage of overly permissive guest user configurations.\n\nWe have identified additional guidance for customers to help protect their orgs. Please see our updated blog for recommended actions: https://www.salesforce.com/blog/protecting-your-data-essential-actions-to-secure-experience-cloud-guest-user-access/\n\nAt this time, we have not identified any vulnerability inherent to the Salesforce platform associated with this activity.","createdAt":"2026-03-12T20:20:56.359Z","updatedAt":"2026-03-12T20:20:56.361Z","entryType":"informational_message_update","sourceId":406,"sourceType":"update"},{"title":"Security Advisory: Protecting Experience Cloud Sites from Guest User Misconfigurations ","content":"Salesforce is actively monitoring threat activity targeting public-facing Experience Cloud sites, including attempts to take advantage of overly permissive guest user configurations.\n\nAt this time, we have not identified any vulnerability inherent to the Salesforce platform associated with this activity. These attempts are focused on customer configuration settings that, if not properly secured, may increase exposure.\n\nWe encourage customers to review their Experience Cloud guest user settings and take immediate recommended actions. For additional details and steps to help protect your org, please see our blog: https://www.salesforce.com/blog/protecting-your-data-essential-actions-to-secure-experience-cloud-guest-user-access/","createdAt":"2026-03-07T23:06:36.591Z","updatedAt":"2026-03-07T23:07:25.213Z","entryType":"informational_message_created","sourceId":244,"sourceType":"message"}],"productKeys":[],"InformationalMessageUpdates":[{"id":20000406,"message":"Salesforce is actively monitoring threat activity targeting public-facing Experience Cloud sites, including attempts to take advantage of overly permissive guest user configurations.\n\nWe have identified additional guidance for customers to help protect their orgs. Please see our updated blog for recommended actions: https://www.salesforce.com/blog/protecting-your-data-essential-actions-to-secure-experience-cloud-guest-user-access/\n\nAt this time, we have not identified any vulnerability inherent to the Salesforce platform associated with this activity.","createdAt":"2026-03-12T20:20:56.359Z","updatedAt":"2026-03-12T20:20:56.361Z","GeneralMessageId":20000244}]},{"id":20000224,"subject":"Security Advisory: Ongoing Response to Social Engineering Threats","body":"We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities. Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support. At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.\nOur security teams are actively working to protect customer environments and data, providing guidance and support. Customers identified as potentially affected have been notified directly. If you have not received a notification, we currently have no evidence suggesting any impact to your account. We continue to monitor the situation closely and encourage customers to remain vigilant against phishing and social engineering attempts, which remain common tactics used by threat actors.\n\nFor guidance, please review our blog post (https://www.salesforce.com/blog/protect-against-social-engineering), knowledge article (https://help.salesforce.com/s/articleView?id=005226734&type=1), and reach out through the Salesforce Help portal if you need support.","incidentId":null,"publicView":true,"startDate":"2025-10-02T14:50:00.000Z","endDate":null,"createdAt":"2025-10-02T15:58:29.023Z","updatedAt":"2025-10-17T11:49:26.040Z","externalId":null,"isVisibleWhenClosed":false,"isVisible":true,"informationalMessageType":"informationalMessage","status":"Active","timeline":[{"title":"Update","content":"Salesforce is monitoring social engineering campaigns targeting third-party identity providers (IdPs) across the industry. In these attacks, threat actors use fraudulent login pages or impersonate IT support through voice calls to steal credentials or MFA codes, or to trick users into authorizing malicious connected apps. If an IdP account is compromised, attackers may attempt to access connected applications.\n\nPlease note this issue does not stem from a vulnerability inherent to Salesforce; these attacks rely on social engineering and deceptive authentication prompts.\n\nOur security teams are actively working to protect customers and have notified potentially affected accounts. For guidance and mitigations, please review our blog post (https://www.salesforce.com/blog/protecting-salesforce-data-after-an-identity-compromise/) and knowledge article (https://help.salesforce.com/s/articleView?language=en_US&id=005226734&type=1). For support, contact Salesforce Customer Support via https://help.salesforce.com/s/?language=en_US.","createdAt":"2026-01-30T15:58:12.170Z","updatedAt":"2026-01-30T15:58:12.172Z","entryType":"informational_message_update","sourceId":402,"sourceType":"update"},{"title":"Security Advisory: Ongoing Response to Social Engineering Threats","content":"We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities. Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support. At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.\nOur security teams are actively working to protect customer environments and data, providing guidance and support. Customers identified as potentially affected have been notified directly. If you have not received a notification, we currently have no evidence suggesting any impact to your account. We continue to monitor the situation closely and encourage customers to remain vigilant against phishing and social engineering attempts, which remain common tactics used by threat actors.\n\nFor guidance, please review our blog post (https://www.salesforce.com/blog/protect-against-social-engineering), knowledge article (https://help.salesforce.com/s/articleView?id=005226734&type=1), and reach out through the Salesforce Help portal if you need support.","createdAt":"2025-10-02T15:58:29.023Z","updatedAt":"2025-10-17T11:49:26.040Z","entryType":"informational_message_created","sourceId":224,"sourceType":"message"}],"productKeys":[],"InformationalMessageUpdates":[{"id":20000402,"message":"Salesforce is monitoring social engineering campaigns targeting third-party identity providers (IdPs) across the industry. In these attacks, threat actors use fraudulent login pages or impersonate IT support through voice calls to steal credentials or MFA codes, or to trick users into authorizing malicious connected apps. If an IdP account is compromised, attackers may attempt to access connected applications.\n\nPlease note this issue does not stem from a vulnerability inherent to Salesforce; these attacks rely on social engineering and deceptive authentication prompts.\n\nOur security teams are actively working to protect customers and have notified potentially affected accounts. For guidance and mitigations, please review our blog post (https://www.salesforce.com/blog/protecting-salesforce-data-after-an-identity-compromise/) and knowledge article (https://help.salesforce.com/s/articleView?language=en_US&id=005226734&type=1). For support, contact Salesforce Customer Support via https://help.salesforce.com/s/?language=en_US.","createdAt":"2026-01-30T15:58:12.170Z","updatedAt":"2026-01-30T15:58:12.172Z","GeneralMessageId":20000224}]},{"id":20000251,"subject":"Agentforce metadata retrieval and deployment issues.","body":"We're aware of an issue impacting agent metadata services. As a result, customers are unable to retrieve or deploy agent metadata. \nWe are investigating the cause and exploring paths to resolution. \nWe'll provide an update in 30 minutes or sooner if additional information becomes available.","incidentId":"90417377","publicView":true,"startDate":"2026-05-07T13:48:00.000Z","endDate":"2026-05-08T02:00:00.000Z","createdAt":"2026-05-08T00:42:38.518Z","updatedAt":"2026-05-08T01:59:48.752Z","externalId":null,"isVisibleWhenClosed":false,"isVisible":true,"informationalMessageType":"productSpecific","status":"Resolved","timeline":[{"title":"Update","content":"The team continues to investigate the issue affecting customers retrieving and deploying agent metadata activities. A fix has been validated and prepared for deployment. During the course of the investigation, we've identified the impacted instances. \n\nPlease see https://status.salesforce.com/incidents/20003997 for all further communications about this issue.","createdAt":"2026-05-08T01:55:01.629Z","updatedAt":"2026-05-08T01:55:01.633Z","entryType":"informational_message_update","sourceId":421,"sourceType":"update"},{"title":"Agentforce metadata retrieval and deployment issues.","content":"We're aware of an issue impacting agent metadata services. As a result, customers are unable to retrieve or deploy agent metadata. \nWe are investigating the cause and exploring paths to resolution. \nWe'll provide an update in 30 minutes or sooner if additional information becomes available.","createdAt":"2026-05-08T00:42:38.518Z","updatedAt":"2026-05-08T01:59:48.752Z","entryType":"informational_message_created","sourceId":251,"sourceType":"message"}],"productKeys":["Salesforce_Services"],"InformationalMessageUpdates":[{"id":20000421,"message":"The team continues to investigate the issue affecting customers retrieving and deploying agent metadata activities. A fix has been validated and prepared for deployment. During the course of the investigation, we've identified the impacted instances. \n\nPlease see https://status.salesforce.com/incidents/20003997 for all further communications about this issue.","createdAt":"2026-05-08T01:55:01.629Z","updatedAt":"2026-05-08T01:55:01.633Z","GeneralMessageId":20000251}]},{"id":20000253,"subject":"Issue with Scratch Org and Trial Org Creation","body":"Issue: We investigated an issue affecting Scratch Org and Trial Org creation for customers.\n\nImpact: A unique subset of Marketing Cloud Advanced or Marketing Cloud Growth customers who are unable to create scratch orgs may experience problems with sandbox refreshes and new org creation.\n","incidentId":null,"publicView":true,"startDate":"2026-05-08T21:08:00.000Z","endDate":"2026-05-09T00:00:00.000Z","createdAt":"2026-05-08T19:44:39.237Z","updatedAt":"2026-05-09T00:20:56.495Z","externalId":"90447317","isVisibleWhenClosed":false,"isVisible":true,"informationalMessageType":"informationalMessage","status":"Resolved","timeline":[{"title":"Update","content":"We’re implementing a fix to revert the recent code, which is targeted for deployment this coming week. For more information and updates on this issue, please refer to the Known Issue article: https://help.salesforce.com/s/issue?id=a02Ka00000mFVk5.\n\nWe apologize for how this incident affected you and your business. We will undertake a full investigation of the incident, establishing the technical trigger, the underlying cause, and preventive action to avoid a repeat in the future.","createdAt":"2026-05-09T00:20:56.498Z","updatedAt":"2026-05-09T00:20:56.499Z","entryType":"informational_message_update","sourceId":433,"sourceType":"update"},{"title":"Issue with Scratch Org and Trial Org Creation","content":"Issue: We investigated an issue affecting Scratch Org and Trial Org creation for customers.\n\nImpact: A unique subset of Marketing Cloud Advanced or Marketing Cloud Growth customers who are unable to create scratch orgs may experience problems with sandbox refreshes and new org creation.\n","createdAt":"2026-05-08T19:44:39.237Z","updatedAt":"2026-05-09T00:20:56.495Z","entryType":"informational_message_created","sourceId":253,"sourceType":"message"}],"productKeys":[],"InformationalMessageUpdates":[{"id":20000433,"message":"We’re implementing a fix to revert the recent code, which is targeted for deployment this coming week. For more information and updates on this issue, please refer to the Known Issue article: https://help.salesforce.com/s/issue?id=a02Ka00000mFVk5.\n\nWe apologize for how this incident affected you and your business. We will undertake a full investigation of the incident, establishing the technical trigger, the underlying cause, and preventive action to avoid a repeat in the future.","createdAt":"2026-05-09T00:20:56.498Z","updatedAt":"2026-05-09T00:20:56.499Z","GeneralMessageId":20000253}]},{"id":20000254,"subject":"Cross-Cloud Service Disruption — USA East Region","body":"On May 21, 2026 at 20:00 UTC, customers geolocated in the USA East Region were unable to log in to their Salesforce services via login.salesforce.com and test.salesforce.com. Services that may have been affected include Core, CRM Analytics, Salesforce Maps, Marketing Cloud Account Engagement, and MuleSoft.\n","incidentId":null,"publicView":true,"startDate":"2026-05-21T20:00:00.000Z","endDate":"2026-05-22T01:37:00.000Z","createdAt":"2026-05-21T23:52:54.456Z","updatedAt":"2026-05-22T03:34:01.029Z","externalId":"90843984","isVisibleWhenClosed":false,"isVisible":true,"informationalMessageType":"informationalMessage","status":"Resolved","timeline":[{"title":"Update","content":"We found that storage and system resource exhaustion caused instability. We cleared the affected systems and restarted impacted services to restore stability. These issues are now resolved and service access restored at 01:37 AM, UTC on May 22. \n\nWe apologize for how this incident affected you and your business. We will undertake a full investigation of the incident, establishing the technical trigger, the underlying cause, and preventive action to avoid a repeat in the future.","createdAt":"2026-05-22T02:43:28.494Z","updatedAt":"2026-05-22T04:31:33.101Z","entryType":"informational_message_update","sourceId":438,"sourceType":"update"},{"title":"Update","content":"We're making significant progress with remediation, and are seeing improvements to services. Further, we have been brought in additional resources and are actively working to restore full service as swiftly as possible.\n\nWe will share another update within 30 minutes, or sooner, as progress continues.","createdAt":"2026-05-22T01:04:50.668Z","updatedAt":"2026-05-22T04:53:47.422Z","entryType":"informational_message_update","sourceId":437,"sourceType":"update"},{"title":"Update","content":"We understand this is impacting your ability to access Salesforce via login.salesforce.com and test.salesforce.com, and we sincerely apologize for the disruption this is causing to you and your business. \nOur engineering teams are actively working to resolve this as quickly as possible. We'll provide an update in 30 minutes or sooner if additional information becomes available.","createdAt":"2026-05-22T00:35:52.222Z","updatedAt":"2026-05-22T00:35:52.225Z","entryType":"informational_message_update","sourceId":436,"sourceType":"update"},{"title":"Cross-Cloud Service Disruption — USA East Region","content":"On May 21, 2026 at 20:00 UTC, customers geolocated in the USA East Region were unable to log in to their Salesforce services via login.salesforce.com and test.salesforce.com. Services that may have been affected include Core, CRM Analytics, Salesforce Maps, Marketing Cloud Account Engagement, and MuleSoft.\n","createdAt":"2026-05-21T23:52:54.456Z","updatedAt":"2026-05-22T03:34:01.029Z","entryType":"informational_message_created","sourceId":254,"sourceType":"message"}],"productKeys":[],"InformationalMessageUpdates":[{"id":20000436,"message":"We understand this is impacting your ability to access Salesforce via login.salesforce.com and test.salesforce.com, and we sincerely apologize for the disruption this is causing to you and your business. \nOur engineering teams are actively working to resolve this as quickly as possible. We'll provide an update in 30 minutes or sooner if additional information becomes available.","createdAt":"2026-05-22T00:35:52.222Z","updatedAt":"2026-05-22T00:35:52.225Z","GeneralMessageId":20000254},{"id":20000437,"message":"We're making significant progress with remediation, and are seeing improvements to services. Further, we have been brought in additional resources and are actively working to restore full service as swiftly as possible.\n\nWe will share another update within 30 minutes, or sooner, as progress continues.","createdAt":"2026-05-22T01:04:50.668Z","updatedAt":"2026-05-22T04:53:47.422Z","GeneralMessageId":20000254},{"id":20000438,"message":"We found that storage and system resource exhaustion caused instability. We cleared the affected systems and restarted impacted services to restore stability. These issues are now resolved and service access restored at 01:37 AM, UTC on May 22. \n\nWe apologize for how this incident affected you and your business. We will undertake a full investigation of the incident, establishing the technical trigger, the underlying cause, and preventive action to avoid a repeat in the future.","createdAt":"2026-05-22T02:43:28.494Z","updatedAt":"2026-05-22T04:31:33.101Z","GeneralMessageId":20000254}]},{"id":10001498,"subject":"U.S., EU, and UK Regulations on Software Provision to Russia","body":"Salesforce takes its sanctions and export control obligations seriously, and we require our customers and partners to do the same. Under current United States, European Union, and United Kingdom sanctions, the provision of enterprise management software to individuals or entities in Russia is prohibited. \n\nUntil further notice, we expect our customers and partners will not provide access to Salesforce products and services to their users or affiliates in Russia without appropriate legal authorization. Salesforce may implement technical access controls to support compliance with applicable laws, including as per compliance with OFAC’s Determination Pursuant to Section 1(a)(ii) of Executive Order 14071, European Union Council Regulation 2023/2878, and the United Kingdom Russia (Sanctions) (EU Exit) (Amendment) Regulations 2025.\n\nIf your organization requires access to Salesforce products or services in Russia, please contact your Salesforce account team to discuss our exceptions process.\n","incidentId":null,"publicView":true,"startDate":"2025-04-22T17:12:00.000Z","endDate":null,"createdAt":"2025-04-22T17:13:23.193Z","updatedAt":"2025-10-07T17:48:18.615Z","externalId":null,"isVisibleWhenClosed":false,"isVisible":true,"informationalMessageType":"informationalMessage","status":"Active","timeline":[{"title":"U.S., EU, and UK Regulations on Software Provision to Russia","content":"Salesforce takes its sanctions and export control obligations seriously, and we require our customers and partners to do the same. Under current United States, European Union, and United Kingdom sanctions, the provision of enterprise management software to individuals or entities in Russia is prohibited. \n\nUntil further notice, we expect our customers and partners will not provide access to Salesforce products and services to their users or affiliates in Russia without appropriate legal authorization. Salesforce may implement technical access controls to support compliance with applicable laws, including as per compliance with OFAC’s Determination Pursuant to Section 1(a)(ii) of Executive Order 14071, European Union Council Regulation 2023/2878, and the United Kingdom Russia (Sanctions) (EU Exit) (Amendment) Regulations 2025.\n\nIf your organization requires access to Salesforce products or services in Russia, please contact your Salesforce account team to discuss our exceptions process.\n","createdAt":"2025-04-22T17:13:23.193Z","updatedAt":"2025-10-07T17:48:18.615Z","entryType":"informational_message_created","sourceId":196,"sourceType":"message"}],"productKeys":[],"InformationalMessageUpdates":[]},{"id":20000246,"subject":"How Salesforce is preparing for the frontier AI threat landscape","body":"Anthropic’s announcement of Claude Mythos underscores a reality Salesforce has been preparing for: increasingly capable frontier AI models will continue to accelerate the evolution of the cybersecurity landscape.\n\nOur security teams are continuously evaluating how frontier models like Mythos may change attacker and defender capabilities, and we are applying those insights to strengthen our security posture and guide continued enhancements across our environment.\n\nWe view this as an acceleration of work already underway, not a departure from it. Salesforce has long invested in automation and AI to help identify risk, strengthen defenses, and support the trust our customers place in us.\n\nTrust remains our #1 value, and we remain focused on helping protect our customers’ data in a rapidly evolving threat environment.","incidentId":null,"publicView":true,"startDate":"2026-04-14T06:23:00.000Z","endDate":null,"createdAt":"2026-04-13T23:24:55.319Z","updatedAt":"2026-04-13T23:24:55.322Z","externalId":null,"isVisibleWhenClosed":false,"isVisible":true,"informationalMessageType":"informationalMessage","status":"Active","timeline":[{"title":"How Salesforce is preparing for the frontier AI threat landscape","content":"Anthropic’s announcement of Claude Mythos underscores a reality Salesforce has been preparing for: increasingly capable frontier AI models will continue to accelerate the evolution of the cybersecurity landscape.\n\nOur security teams are continuously evaluating how frontier models like Mythos may change attacker and defender capabilities, and we are applying those insights to strengthen our security posture and guide continued enhancements across our environment.\n\nWe view this as an acceleration of work already underway, not a departure from it. Salesforce has long invested in automation and AI to help identify risk, strengthen defenses, and support the trust our customers place in us.\n\nTrust remains our #1 value, and we remain focused on helping protect our customers’ data in a rapidly evolving threat environment.","createdAt":"2026-04-13T23:24:55.319Z","updatedAt":"2026-04-13T23:24:55.322Z","entryType":"informational_message_created","sourceId":246,"sourceType":"message"}],"productKeys":[],"InformationalMessageUpdates":[]},{"id":20000227,"subject":"Security Alert: Phishing Campaign with Malicious links","body":"Salesforce is aware of and closely monitoring a phishing campaign appearing as fraudulent emails from Salesforce with a malicious link to download Remote Monitoring & Management (RMM) software.\n\nOur security teams are working diligently to contain this issue and urge all customers to maintain a high level of vigilance against phishing and social engineering attempts, as these remain frequently used tactics by threat actors. If you receive requests from Salesforce to install RMM software, we recommend you validate its legitimacy with Salesforce Support or architect teams prior to taking action by opening up a ticket through the Salesforce Help portal.\n\nFor guidance and support, please reach out through the Salesforce Help portal. You can also refer to this article for guidance on how to protect your environments from social engineering threats: https://www.salesforce.com/blog/protect-against-social-engineering/. ","incidentId":null,"publicView":true,"startDate":"2025-10-21T14:48:00.000Z","endDate":null,"createdAt":"2025-10-22T01:49:54.286Z","updatedAt":"2025-10-22T02:17:32.054Z","externalId":null,"isVisibleWhenClosed":false,"isVisible":true,"informationalMessageType":"informationalMessage","status":"Active","timeline":[{"title":"Security Alert: Phishing Campaign with Malicious links","content":"Salesforce is aware of and closely monitoring a phishing campaign appearing as fraudulent emails from Salesforce with a malicious link to download Remote Monitoring & Management (RMM) software.\n\nOur security teams are working diligently to contain this issue and urge all customers to maintain a high level of vigilance against phishing and social engineering attempts, as these remain frequently used tactics by threat actors. If you receive requests from Salesforce to install RMM software, we recommend you validate its legitimacy with Salesforce Support or architect teams prior to taking action by opening up a ticket through the Salesforce Help portal.\n\nFor guidance and support, please reach out through the Salesforce Help portal. You can also refer to this article for guidance on how to protect your environments from social engineering threats: https://www.salesforce.com/blog/protect-against-social-engineering/. ","createdAt":"2025-10-22T01:49:54.286Z","updatedAt":"2025-10-22T02:17:32.054Z","entryType":"informational_message_created","sourceId":227,"sourceType":"message"}],"productKeys":[],"InformationalMessageUpdates":[]}],"Maintenances":[]}