From a report by CancerOnSecurity reveals that a “shocking number of organizations” are affected by the problem. Many corporations use Salesforce Community for public websites. The software can be configured so that only authenticated users can access the service. Alternatively, it is possible to activate guest access. Guests can only view certain content and should not be able to view sensitive resources. However, this is not always the case.
Infographic Security on the Internet: Germans are afraid of data misuse
Administrators often inadvertently grant guest users access to internal documents and private information. This has led to potential data leaks. Applicants’ names, social security numbers, addresses, phone numbers, and bank account numbers were accessible on the State of Vermont’s website.
Fault lies with the administrators
Salesforce has announced that the company provides its customers with clear guidelines for securely configuring a community site and protecting against unauthorized access. However, many customers seem to be overwhelmed with the platform and critics emphasize that mistakes are quickly made when setting up the site.
- Salesforce servers give access to sensitive information due to misconfigurations.
- Many corporations use Salesforce Community for public websites.
- Guest access can be limited to certain content.
- Incorrect configurations lead to potential data leaks.
- Salesforce provides guidelines for secure configuration.
- Critics emphasize that mistakes are easy to make when setting it up.
See also:
