Salesforce Warns Customers of Potential Data Leak Due to API Error
Salesforce has warned customers of a potential data breach which may have compromised sensitive personal information. User details may have been shared with other accounts, due to an API error, SalesForce said.
In a security advisory on the matter, the company explained that it has been aware of the issue since 18 July. The error was reportedly introduced with a code change rolled out on Marketing Cloud between 4 June and 7 July.
The breach poses a significant risk for Salesforce clients, as Marketing Cloud is a CRM product, used to store contact details for customers and sales prospects, along with other highly sensitive information.
The error was reportedly resolved with an emergency release the same day it was discovered and the company reports there is “no evidence of malicious behaviour,” associated with the breach. However, it did not exclude the possibility of undiscovered misuses of data.
Salesforce alerted potentially impacted clients in an email, stating: ‘Where the issue occurred, the API call may have failed and generated an error message rather than writing or modifying data'.
It added: ‘We are unable to confirm if your data was viewed or modified by another customer. As a result, we are notifying all potentially impacted customers who accessed the Marketing Cloud during this period'.
Any organisation whose users accessed the affected products - through either the online UI or REST API calls - may have had their Marketing Cloud data corrupted, Salesforce warned.