Salesforce Misconfiguration Causes Sensitive Data Leaks

Brian Krebs recently reported that an alarming number of organizations—including banks and healthcare providers—are leaking sensitive information due to a misconfiguration in Salesforce Communities.
Rob Sobers
1 min read
Last updated June 27, 2023

Brian Krebs recently reported that an alarming number of organizations—including banks and healthcare providers—are leaking sensitive information due to a misconfiguration in Salesforce Communities.

The misconfiguration, which Varonis Threat Labs documented extensively in October 2021, gives unauthenticated guest users access to records containing social security numbers and bank account info.

Discover your weak points and strengthen your resilience: Run a Free Ransomware Readiness Test

What actions should you take?

Follow our step-by-step guide that gives Salesforce admins detailed steps to:

  • Ensure your guest profile permissions don’t expose things you don’t want to be exposed (account records, employee calendars, etc.)
  • Disable API access for your guest profile
  • Set the default owner for records created by guest users
  • Enable secure guest user access

If you want hands-on help, please ask our team to perform an automatic (and free) audit of your Salesforce instances to uncover this issue and many others. 

How did this happen?

The issue is not due to a vulnerability in Salesforce’s app, but a configuration within each customer’s control.

Salesforce, like many other cloud service providers (CSPs), operates under the shared responsibility model. While the CSP is responsible for securing the underlying infrastructure and code, each customer is responsible for configuring their applications and data to ensure they are secure, monitoring user access, and maintaining compliance with regulations.

Misconfigurations providing pathways to critical data are not unique to Salesforce. Gartner notes that "through 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users."

This isn’t the first, nor the last time a SaaS configuration will create a potential security incident. In the Great SaaS Data Exposure, our research team uncovered the massive complexity of SaaS permissions and configurations.

Ensuring SaaS security posture

It’s imperative that security teams assess SaaS exposure continuously with automation. Varonis can help secure your critical SaaS apps like Salesforce, Microsoft 365, Google, GitHub, and countless others:

  • Discover and classify sensitive data
  • Detect and respond to abnormal behavior
  • Auto-remediate excessive permissions and sharing links
  • Find and fix critical misconfigurations
  • Mitigate third-party app and supply chain risk

Varonis also makes it easy for Salesforce admins to analyze and compare permissions, so they can quickly identify unnecessary and risky access.

 

We can even automatically identify and remove unassigned Profiles and Permission Sets, getting you to a least privilege model without interrupting users.

 

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

salesforce-security:-5-ways-your-data-could-be-exposed
Salesforce Security: 5 Ways Your Data Could be Exposed
Salesforce is the lifeblood of many organizations - Here are five things you should know about your Salesforce security and how to effectively reduce risk
how-varonis-saves-salesforce-admins-hours-in-their-day
How Varonis Saves Salesforce Admins Hours in Their Day
Varonis provides industry leading Salesforce management and permission implications capabilities to help save Salesforce admins hours in their day.
how-to-prepare-for-a-salesforce-permissions-audit
How to Prepare for a Salesforce Permissions Audit
In this post, I'll walk you through what a Salesforce audit is, how permissions work, and provide tips on how you can prepare.
varonis-announces-salesforce-shield-integration
Varonis Announces Salesforce Shield Integration
Varonis now integrates with Salesforce Shield to provide deep visibility into Salesforce and help organizations secure their mission-critical data.