Inactive Salesforce Communities could leak sensitive data

Joseph K
Jun 2, 2023
1 min read

Threat actors could gain access to improperly deactivated or unmaintained Salesforce sites by changing the host header, thereby gaining access to sensitive personal and business data.

In a Wednesday blog post by Varonis Threat Labs, researcher Nitay Bachrach wrote so-called “ghost sites” are Salesforce communities that are no longer being used. The abandoned sites were originally designed to allow partners and customers to collaborate within a company’s Salesforce environment. Ghost sites are simply forgotten or unused collaborative sites that instead of being deactivated create a liability, researchers said.

https://www.scmagazine.com/news/cloud-security/inactive-salesforce-sensitive-data

Comments

Dreamforce expected to bring $130M to SF as Salesforce announces $15B investment in city

7 days ago

Salesforce’s Agentforce software is coming to OpenAI’s ChatGPT

7 days ago

Salesforce deepens AI ties with OpenAI, Anthropic to power Agentforce platform

7 days ago

Salesforce’s $15 Billion Investment in San Francisco Will Support AI Innovation

Oct 13

Salesforce to invest $15 billion in San Francisco as AI race heats up

Oct 13

Inactive Salesforce Communities could leak sensitive data

Comments

Recent Posts

Dreamforce expected to bring $130M to SF as Salesforce announces $15B investment in city

Salesforce’s Agentforce software is coming to OpenAI’s ChatGPT

Salesforce deepens AI ties with OpenAI, Anthropic to power Agentforce platform

Salesforce’s $15 Billion Investment in San Francisco Will Support AI Innovation

Salesforce to invest $15 billion in San Francisco as AI race heats up

Search By Tags

REACH OUT

Headquarters

Seoul Office