I'm modestly surprised to learn Google was using Salesforce internally at all; the NIH runs deep with that company (they even have their own bugtracker because every other option just wouldn't cut it).
On the other hand, the past decade-ish has seen them grow very rapidly via acquisition, so perhaps this DB was grandfathered in via an acquired company and hadn't yet been replaced by anything internal.
(For Salesforce in particular though, I'd be willing to believe Google doesn't have an in-house alternative... People asked for a Salesforce-like in Google Workspace for years and the company had no interest. I have a hunch that most Googlers find the idea of creating a new CRM to be a profoundly boring intellectual exercise).
> The instance was used to store contact information and related notes for small and medium businesses. Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.
My guess is leaked from a misconfigured force.com site often used as a support portal or kb. Up until recently they came misconfigured by default to allow public access to the basic info of accounts, contact, opportunity through list view endpoints.
Back in 2019 I had a client affected by this (luckily caught by a white hat). Curious, I searched *.site.force.com and found thousands of potentially impacted sites (vulnerability could be tested without exfil of any data). In recent years SF has had many security patches to try and close these holes, but my understanding is most required action by the admin to take effect.
I was always confused how SF managed to keep this out of the news.
11 comments
[ 1.6 ms ] story [ 33.5 ms ] threadOn the other hand, the past decade-ish has seen them grow very rapidly via acquisition, so perhaps this DB was grandfathered in via an acquired company and hadn't yet been replaced by anything internal.
(For Salesforce in particular though, I'd be willing to believe Google doesn't have an in-house alternative... People asked for a Salesforce-like in Google Workspace for years and the company had no interest. I have a hunch that most Googlers find the idea of creating a new CRM to be a profoundly boring intellectual exercise).
> The instance was used to store contact information and related notes for small and medium businesses. Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.
Uh, it's the users that suffer.
You Suffer https://www.youtube.com/watch?v=_-ywSPWu3K8
UNC6040: lool.
Back in 2019 I had a client affected by this (luckily caught by a white hat). Curious, I searched *.site.force.com and found thousands of potentially impacted sites (vulnerability could be tested without exfil of any data). In recent years SF has had many security patches to try and close these holes, but my understanding is most required action by the admin to take effect.
I was always confused how SF managed to keep this out of the news.