Salesforce warns customers of data leak caused by API error

By:  Charlie Daniels and Zero Day

The issue may have had an impact on enterprise players utilizing Salesforce marketing cloud services

Salesforce has warned customers that an API fault could have resulted in information leaks.

In a security advisory posted last week, the Software-as-a-service (SaaS) provider said that on July 18, the firm became aware of the issue, which affects a “subset” of Marketing Cloud customers that have signed up for Marketing Cloud Email Studio and Predictive Intelligence.

According to Salesforce, a Marketing Cloud update released between June 4 and July 7 introduced a code change which “may have caused a small subset of REST API calls to improperly retrieve or write data from one customer’s account to another.”

While the API error was resolved on the same day via an emergency eRelease, there is still a possibility that customers — which include Nestle, Aldo, Dunkin’ Donuts, and Maersk — may have experienced information loss.

An alert sent to customers via email added that when data was retrieved or written between customer accounts, the API call may have “failed and generated an error message rather than writing or modifying data.”

DynamicsFocus, LLC. has become the leading recruit source for growing Salesforce partners throughout North America, learn why here

Bank Info Security reports that Marketing Cloud data may also have become corrupted due to the issue.

The tech giant has not received any reports of malicious behavior associated with the security flaw but is also unable to discover whether or not customer data was viewed or altered by others at the time the faulty API was active.

“While Salesforce continues to conduct additional quality checks and testing in relation to this issue, we recommend that you monitor and review your data carefully to ensure the accuracy of your account,” the company said.