A change in the production environment is the root cause of the broad outage suffered by Salesforce.
The service disruption affected its Pardot B2B marketing automation system, the cloud CRM company’s change broke access privileges settings across organizations and gave customers access to all of their respective company’s files.
“One of our projects had all its profiles modified to enable modify all, allowing all users access to all data.” reported a user on Reddit.
In response to the incident, Salesforce has denied all access to a hundred of cloud instances that host Pardot users, the blocked the access for any other user to the same systems, even if they were not using Pardot.
Salesforce customers have been unable to access the service since 09:56 PDT (16:56 UTC) on Friday.
“The deployment of a database script resulted in granting users broader data access than intended,” reads a note published by the company. “To protect our customers, we have blocked access to all instances that contain affected customers until we can complete the removal of the inadvertent permissions in the affected customer orgs.”
Below the message published by Patrick Harris, Salesforce CTO and co-founder:
A few hours ago, Salesforce informed its users that it was able to restore access to most of its services, this means that the users experienced at least 15 hours of service disruption. Unfortunately, some organizations may still face problems, according to the latest notice issued by the CRM firm administrators will have to manually repair user account permissions.
“We have restored administrators’ access to all
The company warns that a limited number of admins may still be experiencing issues such as logging in to their organizations or modifying permissions.
If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”