Salesforce: cloud giant grants users access to all data
Post By: datares Category:

Salesforce? Salesfarce: Cloud giant in multi-hour meltdown after database blunder grants users access to all data. Plug pulled on instances as engineers scramble to protect customer info.

First published by Thomas Clanburn, 17th May 2019, theregister.co.uk.

Unlucky Salesforce customers have been unable to reach the service since 0956 PDT (1656 UTC) on Friday, thanks to a ham-handed database deployment. Shortly thereafter, the cloud CRM biz said that it’s looking into an issue linked to current or past users of its Pardot B2B marketing automation system.

It seems the US tech giant granted Pardot customers access privileges they should not have, which is to say access to everything and alter any data. As was observed on Reddit, “One of our projects had all its profiles modified to enable modify all, allowing all users access to all data.”

To deal with the mess, Salesforce’s IT team has denied all access to more than 100 cloud instances that host Pardot users, shutting out everyone else using those same systems, whether or not they were using Pardot.

Continue reading here.

An update on this story, by CRN, May 19th 2019, is available here.