Digiflowz
Home » Business Blog Post » What You Need to Know

What You Need to Know

0
What You Need to Know
digiflowz digiflowz Business Blog Post


The Gist

  • A misconfiguration. Salesforce misconfiguration exposes private data across multiple sites, including government agencies, healthcare institutions and banks.
  • Potential risk. Over 150,000 companies relying on Salesforce are potentially at risk due to this data exposure.
  • Guest policy problem. The issue is not a vulnerability, but a misconfiguration issue that administrators make when setting up guest policies.

Gather ’round for a shocking tale of customer data security, or rather, the lack thereof! Is Salesforce, the powerhouse CRM platform you know and love, spilling your precious customer data like a fumbling waiter with a tray full of drinks? The debacle is unfolding at an alarming pace, potentially making your private data more public than a viral cat video.

Data security should be top of mind for all enterprise business leaders as the amount and types of data we hoover up continually grows. And yet the lesson of data security has reared its ugly head once again. It seems that many public Salesforce sites are now inadvertently revealing private data, and you won’t believe the impact it’s having. In the latest bombshell from KrebsOnSecurity, it has been revealed that a misconfiguration in the Salesforce platform is compromising private customer data across multiple sites. These organizations include government agencies, healthcare institutions and banks and in many cases exposed names addresses and social security numbers.

It seems that we’re playing catch-up in this ever-evolving game of cat and mouse. With more than 150,000 companies relying on Salesforce, this vulnerability has created a potential avalanche of data exposures, putting sensitive customer information at risk.

Related Article: Examining the Current State of Consumer Data Privacy Legislation

What Went Wrong

So, how did this happen? Salesforce’s public-facing sites are intended for marketing and customer relationship management (CRM) purposes. According to a statement from Salesforce, these data exposures are not the result of a vulnerability but instead are, what appears to be, a misconfiguration issue that administrators make when setting up guest policies. Krebs is on the same page, it appears, writing, “The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.”

Learning Opportunities

Salesforce has recommended in the past for administrators to ensure they are using the Guest User Access Report Package.

As a result, it’s likely that cybercriminals are having a field day, gathering valuable data to use for phishing attacks and identity theft and as businesses that collect customer data we are left scrambling to protect our customers and their information.

Stay tuned, as we continue to monitor this developing story.





Source link

digiflowz

digiflowz

Related Articles
      About

      Digiflowz.com was created by an entrepreneur who is passionate about helping other businesses reach their goals and keep up in a competitive world.

      We have collated the best Freelancer Services to help with SEO, digital marketing, branding and logo design to set you up for success.

      digiflowz.com is an affiliate of popular freelancing platform Fiverr.

      Legal Pages

      Site Links

      2023 digiflowz.com. All rights reserved.
      Digiflowz
      Logo