Many Public Salesforce Sites are Leaking Private Data (krebsonsecurity.com)
A shocking number of organizations -- including banks and healthcare providers -- are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. From the report: The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in. Salesforce Community is a widely-used cloud-based software product that makes it easy for organizations to quickly create websites. Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). The guest access feature allows unauthenticated users to view specific content and resources without needing to log in.
However, sometimes Salesforce administrators mistakenly grant guest users access to internal resources, which can cause unauthorized users to access an organization's private information and lead to potential data leaks. Until being contacted by this reporter on Monday, the state of Vermont had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance program that exposed the applicant's full name, Social Security number, address, phone number, email, and bank account number.
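The misconfiguration described above is, at the object level, a guest user profile that has been granted Read (or worse, View All) on objects holding internal records. An administrator can export those grants and audit them offline. The following is an added example written for this page, not code from KrebsOnSecurity or Salesforce: it embeds a SOQL query against the standard ObjectPermissions/PermissionSet/Profile schema (an assumption to verify in your org), and runs an audit over a constructed sample of the records such a query would return. The sensitive-object and allowlist sets are hypothetical and should be tuned to the org. Object permissions are only one gate: guest user sharing rules, field-level security and Apex that runs without sharing can each expose records independently, so a clean result here is necessary but not sufficient.

```python
"""Audit guest-user object permissions exported from a Salesforce org.

Added example for this page (not Salesforce's or Krebs's code). The SOQL below
assumes the standard Salesforce schema: ObjectPermissions rows belong to a
PermissionSet, which is owned by a Profile whose UserType is 'Guest' for
Community/Experience Cloud guest users.
"""

# Query an admin could run, e.g. with `sf data query --json --query "..."`,
# to export the object-level grants of every guest user profile.
GUEST_OBJECT_PERMS_SOQL = """
SELECT Parent.Profile.Name, SobjectType, PermissionsRead, PermissionsViewAllRecords
FROM ObjectPermissions
WHERE Parent.IsOwnedByProfile = true
  AND Parent.Profile.UserType = 'Guest'
"""

# Hypothetical lists for illustration: objects whose records are normally
# internal, and objects a public site legitimately serves to guests.
SENSITIVE_OBJECTS = {"Contact", "Lead", "Case", "Account", "Opportunity", "User"}
ALLOWED_OBJECTS = {"Knowledge__kav", "ContentDocument"}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}


def classify(record):
    """Return a finding dict for a readable grant, or None if it is benign."""
    if not record.get("PermissionsRead"):
        return None                      # no read access: nothing exposed
    obj = record["SobjectType"]
    if obj in ALLOWED_OBJECTS:
        return None                      # expected for a public site
    # Custom objects (suffix __c) usually hold the org's own application data,
    # e.g. benefit applications, so treat them like the standard PII objects.
    if obj in SENSITIVE_OBJECTS or obj.endswith("__c"):
        severity = "high"
    else:
        severity = "medium"
    # View All Records bypasses sharing entirely for that object.
    if record.get("PermissionsViewAllRecords"):
        severity = "critical"
    return {
        "profile": record["Parent"]["Profile"]["Name"],
        "object": obj,
        "severity": severity,
    }


def audit_guest_permissions(records):
    """Return findings for every guest-readable object, most severe first."""
    findings = [f for f in (classify(r) for r in records) if f is not None]
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings


def _rec(profile, obj, read, view_all=False):
    """Build a record in the shape the SOQL above returns."""
    return {
        "Parent": {"Profile": {"Name": profile}},
        "SobjectType": obj,
        "PermissionsRead": read,
        "PermissionsViewAllRecords": view_all,
    }


# Constructed sample export (not real data from any org).
SAMPLE_RECORDS = [
    _rec("Benefits Site Guest User", "PUA_Application__c", True),
    _rec("Benefits Site Guest User", "Contact", True, view_all=True),
    _rec("Benefits Site Guest User", "Knowledge__kav", True),
    _rec("Benefits Site Guest User", "Case", False),
    _rec("Support Site Guest User", "Account", True),
    _rec("Support Site Guest User", "Product2", True),
]


if __name__ == "__main__":
    for f in audit_guest_permissions(SAMPLE_RECORDS):
        print(f"{f['severity']:8} {f['profile']}: guest can read {f['object']}")
```

Pipe the `records` array from the real query output into `audit_guest_permissions` instead of `SAMPLE_RECORDS`; anything rated high or critical on a guest profile is the pattern described in the article and should be removed unless the site genuinely publishes that object.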
Salesforce "wontfix" (Score:3)
Re: (Score:2)
Time to put in legal requirements with real penalties. Seems another attempt at letting the market regulate things has failed.
Default Private Access Would Help (Score:4, Insightful)
It would be great if Salesforce changed their defaults to being more locked down. I'm an architect on the platform and it's simply unacceptable that this data is publicly accessible to external users by default. There are other similar security settings which have a very insecure default value. This is one issue which Salesforce deserves a lot of the blame for, even if they technically give their customers the ability to properly secure their system. They should be expected to make it much easier to do so.
Re: (Score:3)
I'm just finishing up a course to become a Salesforce Administrator and I am absolutely appalled at how terrible the entire ecosystem is. The course was allegedly designed by both Salesforce and the online State CC I'm using (Calbright) and it is trash. There are modules you absolutely need (like customizing lightning experience, or more relevantly to this story, any of the user security [super]badges) which aren't in the requirements. The sample test materials are fully idiotic. They give explanations for
well I guess those people in Vermont can (Score:2)
I have to deal with CRM stuff. (Score:1)
I mainly work on an on-premises solution.
I've had people leave for Salesforce. And I wish them luck.
Unless the business is owned by a larger one that doesn't actually use the CRM themselves, I see such clients come back in 6-12 months.