
Massive outage in Salesforce systems last weekend

Web application penetration testing specialists reported that Salesforce,
the well-known software-as-a-service company, suffered a massive disruption to
its service over the last weekend. The service was partially restored during
the last few hours, although the company’s recovery process is not yet
concluded.

This massive drop in service was triggered by a
script error that affected all clients of Pardot, a marketing automation software;
in addition, a database script inadvertently provided users with broader access
to data, at high privilege levels.

Through social media, mainly Twitter,
multiple users showed their displeasure with the incident: “The outage in Salesforce means that I
can’t do my job regularly; half of the tabs are missing”, the user @RBfree850
tweeted.

The first step that Salesforce took in response
to this incident was to disable access for all of the company’s customers, not just
Pardot’s customers, while the incident was corrected, web application
penetration testing specialists mentioned.

Subsequently, the company restored access to
users who were not affected by the incident, which meant that regular
Salesforce users were able to normalize their activities. However, things were
different for users of the Pardot software, because in this case only system
administrators were able to recover their access.

Administrators must then rebuild the user
profiles and grant the corresponding access permissions. Although this might
sound like a really tedious process, web application penetration testing
experts say it’s possible to deploy existing backups from the software’s
sandbox.

According to the experts from the International
Institute of Cyber Security (IICS), this is a clear example of a cybersecurity
risk that originates not necessarily from threat actors, but from a poorly
implemented information security policy. Companies need to restrict as much as
possible the number of people with high access privileges to the critical
systems and data of an organization; a more proactive information security
policy can be the difference between a safe environment and one that is exposed
to higher external risks.
