Massive outage in Salesforce systems last weekend

Web application penetration testing specialists reported that Salesforce, the well-known software as a service company, suffered a massive disruption to its service over the last weekend. The service was partially restored during the last few hours, although the company’s recovery process has not yet concluded.

This massive drop in service was triggered by a script error that affected all clients of Pardot, the company’s marketing automation software; in addition, a database script inadvertently gave users broader access to data, at high privilege levels.

Through social media, mainly Twitter, multiple users showed their displeasure with the incident: “The outage in Salesforce means that I can’t do my job regularly; half of the tabs are missing”, the user @RBfree850 tweeted.

The first step that Salesforce took in response to this incident was to disable access for all of the company’s customers, not just Pardot’s customers, while the incident was corrected, web application penetration testing specialists mentioned.

Subsequently, the company restored access to users who were not affected by the incident, which meant that regular Salesforce users were able to normalize their activities. However, things were different for users of the Pardot software, because in this case only system administrators were able to recover their access.

Administrators must then rebuild the user profiles and grant the corresponding access permissions. Although this might sound like a really tedious process, web application penetration testing experts say it’s possible to deploy existing backups from the software’s sandbox.

According to the experts from the International Institute of Cyber Security (IICS), this is a clear example of a cybersecurity risk that originates not necessarily from threat actors, but from a poorly implemented information security policy. Companies need to restrict as much as possible the number of people with high access privileges to the critical systems and data of an organization; a more proactive information security policy can be the difference between a safe environment and one that is exposed to higher external risks.