Salesforce cloud glitch blurted customer data at unauthorised users

Put your minds at REST ... there's no 'evidence of malicious behavior'

Salesforce web page

Customer data stored on Salesforce's marketing cloud might have been shared with unauthorised parties, cloud slinger has warned.

Users of the software firm's Marketing Cloud Email Studio or Predictive Intelligence products may have been affected by a glitch that meant their data was either copied to the systems of other users or corrupted.

The glitch stemmed from a programming error in Salesforce's REST application programming interface and lasted between early June to the middle of July, an alert on the CRM firm's knowledge base explained.

During a Marketing Cloud release that was rolled out between June 4, 2018 and July 7, a code change was introduced that may have caused a small subset of REST API calls to improperly retrieve or write data from one customer's account to another.

The Salesforce Security team became aware of the issue on July 18, 2018. An emergency release (eRelease) was deployed at 5:00 UTC on July 18, resolving the issue for all Marketing Cloud stacks. We have no evidence of malicious behavior associated with this issue.

Customers who may have been impacted by this issue were notified.

Although the issue was resolved by mid-July, news of the problem only broke recently after alerts went out. ®




Biting the hand that feeds IT © 1998–2018