Connect with us

Hi, what are you looking for?


Data Protection

Faulty Database Script Exposed Salesforce Data to Wrong Users

Salesforce Shuts Down Instances After Database Script Erroneously Enabled All Permissions on User Profiles

Salesforce Shuts Down Instances After Database Script Erroneously Enabled All Permissions on User Profiles

Salesforce deployed a database script last week that inadvertently enabled all permissions for all user profiles in some organizations, resulting in everyone inside a company to have access to their company’s Salesforce data. 

The rollout resulted in “modify all” permissions being enabled for all user profiles, including Standard and Custom profiles. The issue, Salesforce said, impacted customers that were using the Pardot service or which previously used the Pardot service. 

To mitigate impact, Salesforce decided to block access to instances that contained affected customers, which prevented access for all users, including admins. As a result, even customers who were not impacted by the script deployment experienced service disruption. 

“The deployment of a database script resulted in granting users broader data access than intended. To protect our customers, we have blocked access to all instances that contain impacted customers until we can complete the removal of the inadvertent permissions in the impacted customer orgs. As a result, customers who were not impacted may experience service disruption,” Salesforce said

The issue emerged on Friday, May 17, but Salesforce was able to restore access for users with a System Administrator profile by the next day. It also restored full access to customers unaffected by the database script issue. 

The list of affected instances includes NA42, NA44, CS50, CS51, CS59, CS138, CS99, NA92, NA56, NA49, CS97, CS93, CS79, CS78, CS69, NA155, NA196, NA99, CS17, EU8, EU9, EU12, EU13, NA60, NA61, NA64, NA67, NA79, CS8, CS94, and many more (over 100). 

Advertisement. Scroll to continue reading.

After restoring administrator access to all affected orgs, Salesforce published a workaround section to provide details on how admins could restore profiles and user permissions. They should also check all of the granted permissions to ensure users don’t have access to data they should not have access to.

“The automated provisioning to restore permissions has now been executed on all production instances. A subset of customers may still be experiencing issues with user permissions and our teams continue to work on this,” Salesforce notes on its status page

As Balaji Parimi, CEO of Infrastructure Authorization Administration (IAA) company CloudKnox, told SecurityWeek in an emailed comment, over-provisioned privileges may pose an even greater security risk to enterprises than attackers would. 

“Enterprises need to understand that their biggest security risk is not from the attackers targeting them or even malicious insiders – it’s identities with over-provisioned privileges. Security teams need to make sure that privileges with massive powers are restricted to a small number of properly trained personnel,” he said. 

“Until companies better understand which identities have the privileges that can lead to these types of accidents and proactively manage those privileges to minimize their risk exposure, they’ll be vulnerable to devastating incidents like the one we’re seeing with Salesforce right now,” Parimi concluded. 

Related: Microsoft Details Cause of Recent Multi-Factor Authentication Outage

Related: US Investigating CenturyLink Internet Outage, 911 Failures

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cybersecurity Funding

CommandK announced that it has raised $3 million in a seed funding round for a solution designed to help organizations secure sensitive data.