Salesforce Marketing Data Exposed Through API Error

Salesforce Marketing Data Exposed Through API Error

Since its creation almost 20 years ago, Salesforce has become a cloud computing giant, boasting over 150,000 companies using their platform. With that many users, keeping valuable customer information protected is paramount. One look through their website will tell you just how much they care about cybersecurity: 

“At Salesforce, trust is our #1 value and we take the protection of our customers’ data very seriously.”

Unfortunately, despite prioritizing the safety of their clients’ data, we’re living in a world where losing customer information is becoming more and more common. And even for a giant like Salesforce, data leaks can happen — and even go unnoticed.

Here’s what you need to know about this latest leak, and how it could affect your business. 

A Small Leak Means Big Trouble

Recently, customers who use Salesforce’s Marketing Cloud feature were sent an email, stating that there had been a problem concerning their REST API. An API is an application programming interface, which is a software intermediary that allows two applications to talk to each other.

For this particular incident, this means that there was a potential for one client’s data to be retrieved or modified by a different client. Users of Salesforce’s Marketing Cloud Email Studio or Marketing Cloud Predictive Intelligence were at risk.

Furthermore, this “data leak” was taking place from June 4th to July 7th and was not recognized by Salesforce until July 18th. Luckily, this breach seems to have only affected a small amount of their Marketing Cloud users, and their faulty API was fixed the same day their customers were notified of the problem. 

Seeing how Salesforce is the chosen customer relationship management platform for powerhouse companies like Adidas and T-Mobile, even a small leak can be considered an emergency. The platform is unable to say for certain if the problem arrived organically or through darker means, although the knowledge article they released states says they have, “no evidence of malicious behavior.”

Another unsettling component to this incident is that Salesforce is unable to identify exactly which customers were affected, and if any of their information was changed or even lost.  It seems as if there was no logging system to track changes like this, which, in light of this breach, will hopefully be addressed in the future. 

Keep YOUR Data Safe

Data leaks of any kind can feel intrusive, and make you feel helpless. This case is a humbling example, as Salesforce’s faulty REST API stayed that way for over a month, going without notice. And seeing as Salesforce is a recognizable name, their clients and customers may have felt safe storing their information on their platform. Unfortunately, taking a more laissez-faire approach to cybersecurity and putting your valuable information somewhere, blindly trusting that it will be protected, isn’t going to cut it anymore. 

If you or anyone in your organization used Salesforce and their platforms, you could be at risk for a cyberattack. Since the leak, Salesforce offered their customers some advice, saying they, “recommend that you monitor and review your data carefully to ensure the accuracy of your account.” But in our fast-paced society, it can be exhausting to be on constant alert.

That’s where Switchfast comes in.

When it comes to IT management, it’s imperative to have someone you trust on the front lines. If you’re ready to take a stand against cyberattacks and data leaks, contact us. Let us provide a stronger, holistic defense for your systems, so you can focus on what you do best-running your business.

Written by Nik Vargas