Salesforce suffers major outage providing data access irrespective of the permission settings
Salesforce said that the outage, which began on Friday and lasted just over 15 hours, is over – although some may experience a few issues as the platform gets back up to speed.
Salesforce’s chief technology officer and a co-founder, Parker Harris, acknowledged the issue at 12:40 p.m. Eastern time the same day, and tweeted that Salesforce employees were working on the problem.
To all of our @salesforce customers, please be aware that we are experiencing a major issue with our service and apologize for the impact it is having on you. Please know that we have all hands on this issue and are resolving as quickly as possible.
— Parker Harris (@parkerharris) May 17, 2019
According to reports on Reddit, users not only received read access but also received write permissions, thus, making it easy for malicious employees to steal or tamper with a company’s data.
Salesforce said the script only impacted customers of Salesforce Pardot or have used Pardot in the past. According to The Register, “To deal with the mess, Salesforce’s IT team has denied all access to more than 100 cloud instances that host Pardot users, shutting out everyone else using those same systems, whether or not they were using Pardot.” Customers who were not affected may have also experienced certain service disruptions including customers using Marketing Cloud integrations.
#heatmap of Salesforce Outage pic.twitter.com/8BYTefqGg6
— Mitchell Johnson (@sfdcmitch) May 17, 2019
Salesforce customers in Europe and North America were the most impacted by the company shutting down access to its own service. Salesforce said, “We have started unblocking customers who were not affected by the permission issues.”
#heatmap of Salesforce Outage pic.twitter.com/8BYTefqGg6
— Mitchell Johnson (@sfdcmitch) May 17, 2019
So I was in #Salesforce working on a report and all of a sudden…… pic.twitter.com/qQxpBxXFRc
— Derek Wyszynski (@RealSalesAdvice) May 17, 2019
On the 18th, at 5.40 a.m. Eastern time, Salesforce, on its status page, announced that access had been restored for administrators of all organizations that had been affected by the permission issues. “We are preparing a set of instructions for admins that may need guidance on how to manually restore those permissions. As soon as the instructions are final, we will inform admins via an email that will contain a link to the instructions,” the company said.
The company further updated:
“We have restored administrators’ access to all affected orgs as of 08:04 UTC. We have prepared a set of instructions for admins that may need guidance on how to manually restore those user permissions. We notified admins via an email that contained a link to the instructions.
A subset of admins may still be experiencing issues such as logging in to their orgs, modifying perms that are uneditable, or timeouts.”
To know more about this in detail, visit Salesforce’s status page.
Read Next
*** This is a Security Bloggers Network syndicated blog from Security News – Packt Hub authored by Savia Lobo. Read the original post at: https://hub.packtpub.com/salesforce-suffers-major-outage-providing-data-access-irrespective-of-the-permission-settings/