Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

Threat Update 64 - Escaping Einstein's Wormhole

If your organization created a Salesforce Community prior to Summer 2021 you could accidentally leak sensitive information publicly unless you take steps now to remediate.
Kilian Englert
1 min read
Published November 12, 2021
Last updated January 17, 2023

Salesforce's Einstein Activity Capture (EAC) is a convenient, automated way to boost your sales team's productivity by consolidating relevant customer emails, and meetings into a central system - Salesforce. However, if your organization created a Salesforce Community prior to Summer 2021 you could accidentally leak sensitive information publicly unless you take steps now to remediate.

Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team discuss this bug discovered by the Varonis threat research team. Kilian and Ryan cover the concepts behind how EAC works, how the bug could accidentally leak sensitive information publicly, and how organizations can fix it.

Read our full write-up to learn more about this bug and how to remediate it.

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

einstein's-wormhole:-capturing-outlook-&-google-calendars-via-salesforce-guest-user-bug
Einstein's Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug
If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator's Outlook or Google calendar events to the internet due to a bug called...
generative-ai-security:-preparing-for-salesforce-einstein-copilot
Generative AI Security: Preparing for Salesforce Einstein Copilot
See how Salesforce Einstein Copilot’s security model works and the risks you must mitigate to ensure a safe and secure rollout.
what’s-the-difference-between-hacking-and-phishing?
What’s the Difference between Hacking and Phishing?
Because I’ve boldly assigned myself the task to explain hacking and phishing, I feel compelled to define both terms concisely because, as Einstein’s been quoted countless times, “If you can’t...
rewards-and-risks:-what-generative-ai-means-for-security
Rewards and Risks: What Generative AI Means for Security
As AI has grown in popularity, concerns are being raised about the risks involved with using the technology. Learn the rewards and risks of using generative AI.