Authentication Issue Impacting Salesforce Logins
Incident Report for Pardot
Resolved
Update:
The preliminary RCA is now available to affected customers as a Knowledge Base article. An active investigation of the incident is taking place at this time.

Knowledge Base Article: https://help.salesforce.com/articleView?id=000358250&type=1&mode=1

-----

On April 27, 2021, at approximately 13:49 Universal Coordinated Time (UTC), the Salesforce Technology team became aware of a Verification as a Service (VaaS) issue that was impacting the ability for users to log into their Salesforce environments across Commerce Cloud, Marketing Cloud, Pardot, Heroku, and core Salesforce production environments.

The Technology team began immediate investigation and determined that the issue may have impacted any customer who is enabled for multi-factor authentication. The issue only impacted new login attempts. Customers who were already logged in before the incident were not affected by this issue.

Upon further investigation, the Technology team determined that the source of the issue was likely an endpoint originating from a third-party public cloud provider that was generating significant traffic. The team investigated the issue in partnership with our cloud services provider to rule out malicious activity, and that investigation is still underway. At 16:59 UTC, the team began to deploy a software fix to throttle the endpoint in an effort to resolve the issue. That deployment successfully completed at 17:38 UTC, and after the Technology team performed its validation checks, an all-clear was declared at 17:50 UTC the same day.

Root Cause
The root cause of this issue is under investigation with the Salesforce Technology Team. An update will be provided when available.

Next Steps
The Salesforce Technology Team is monitoring the system for similar issues and will provide and update when a root cause is determined.

We sincerely apologize for the impact this incident caused you and your business; Salesforce is fully committed to minimizing downtime when incidents do occur. We also continually assess and improve our tools, processes, and architecture to provide you with the best service possible.
Posted Apr 27, 2021 - 09:49 EDT