Salesforce misconfiguration can expose sensitive data

Researchers at Varonis are warning about a Salesforce misconfiguration that can expose sensitive data to anyone on the internet. The issue is in the Salesforce Community, which lets Salesforce customers create their own websites to connect with users outside their organization and collaborate. Communities can feature all sorts of functionality, like Q&As, forums, a partner portal, and more. Communities can also allow anonymous users to query objects -- such as customer lists, support cases, employee email addresses, and more -- containing sensitive information. Varonis researcher Nitay Bachrach says, "At a minimum, a malicious actor could exploit this misconfiguration to perform… [Continue Reading]