New security research: Salesforce misconfiguration exposes data
August 2021 by Varonis
Varonis has just released that highlights findings from its security research team who discovered numerous publicly accessible Salesforce Communities that are misconfigured and expose sensitive information.
At a minimum, a malicious actor could exploit this misconfiguration to perform recon for a spear-phishing campaign. At worst, they could steal sensitive information about the business, its operations, clients, and partners.
In some cases, a sophisticated attacker may be able to move laterally and retrieve information from other services that are integrated with the Salesforce account.