[BreachExchange] Salesforce suffers major outage providing data access irrespective of the permission settings

Destry Winant destry at riskbasedsecurity.com
Tue May 21 09:37:10 EDT 2019


https://securityboulevard.com/2019/05/salesforce-suffers-major-outage-providing-data-access-irrespective-of-the-permission-settings/

Salesforce said that the outage, which began on Friday and lasted just
over 15 hours, is over – although some may experience a few issues as
the platform gets back up to speed.

Salesforce’s chief technology officer and a co-founder, Parker Harris,
acknowledged the issue at 12:40 p.m. Eastern time the same day, and
tweeted that Salesforce employees were working on the problem.

According to reports on Reddit, users not only received read access
but also received write permissions, making it easy for malicious
employees to steal or tamper with a company’s data.

Salesforce said the script only impacted customers who use Salesforce
Pardot or have used Pardot in the past. According to The Register, “To
deal with the mess, Salesforce’s IT team has denied all access to more
than 100 cloud instances that host Pardot users, shutting out everyone
else using those same systems, whether or not they were using Pardot.”
Customers who were not affected may also have experienced certain
service disruptions, including customers using Marketing Cloud
integrations.

Salesforce customers in Europe and North America were the most
impacted by the company shutting down access to its own service.
Salesforce said, “We have started unblocking customers who were not
affected by the permission issues.”

On the 18th, at 5:40 a.m. Eastern time, Salesforce, on its status
page, announced that access had been restored for administrators of
all organizations that had been affected by the permission issues. “We
are preparing a set of instructions for admins that may need guidance
on how to manually restore those permissions. As soon as the
instructions are final, we will inform admins via an email that will
contain a link to the instructions,” the company said.

The company further updated:

“We have restored administrators’ access to all affected orgs as of
08:04 UTC. We have prepared a set of instructions for admins that may
need guidance on how to manually restore those user permissions. We
notified admins via an email that contained a link to the
instructions.

A subset of admins may still be experiencing issues such as logging in
to their orgs, modifying perms that are uneditable, or timeouts.”
