Plug pulled on instances as engineers scramble to protect customer info
Salesforce customers have been unable to access the service since 0956 PDT (1656 UTC) on Friday, thanks to a ham-handed database deployment.
Shortly thereafter, the cloud CRM biz said that it’s looking into an issue linked to current or past users of its Pardot B2B marketing automation system.
It seems the US tech giant granted Pardot customers access privileges they should not have, which is to say access to everything. As was observed on Reddit, “One of our projects had all its profiles modified to enable modify all, allowing all users access to all data.”
To deal with the mess, Salesforce’s IT team has denied all access to more than 100 cloud instances that host Pardot users, shutting out everyone else using those servers at the same time.
“The deployment of a database script resulted in granting users broader data access than intended,” Salesforce said in a note posted at 1033 PDT (1733 UTC). “To protect our customers, we have blocked access to all instances that contain affected customers until we can complete the removal of the inadvertent permissions in the affected customer orgs.”
Salesforce says customers with no ties to Pardot may experience service disruption. The biz insists it’s working to restore things as quickly as it can.
Social media, of course, has risen to the occasion with a litany of complaints. Some people report that their entire company has ended the week early and gone home on account of the cloud service outage.
Via Twitter, Salesforce CTO and co-founder Parker Harris apologized for the screwup.
To all of our @salesforce customers, please be aware that we are experiencing a major issue with our service and apologize for the impact it is having on you. Please know that we have all hands on this issue and are resolving as quickly as possible.
— Parker Harris (@parkerharris) May 17, 2019
In a statement emailed to The Register, Balaji Parimi, CEO of security biz CloudKnox, cautioned that companies need to understand that over-provisioned privileges represent a more likely threat than external attacks or insider threats.
“Security teams need to make sure that privileges with massive powers are restricted to a small number of properly trained personnel,” he said. “Until companies better understand which identities have the privileges that can lead to these types of accidents and proactively manage those privileges to minimize their risk exposure, they’ll be vulnerable to devastating incidents like the one we’re seeing with Salesforce right now.”
The Register asked Salesforce to comment but we’ve not heard back. No doubt they’re rather busy at the moment. ®