
Faulty Database Script Exposed Salesforce Data to Wrong Users

Salesforce Shuts Down Instances After Database Script Erroneously Enabled All Permissions on User Profiles

Salesforce deployed a database script last week that inadvertently enabled all permissions for all user profiles in some organizations, giving everyone inside a company access to their company’s Salesforce data.

The rollout resulted in “modify all” permissions being enabled for all user profiles, including Standard and Custom profiles. The issue, Salesforce said, impacted customers that were using the Pardot service or had previously used it.

To mitigate impact, Salesforce decided to block access to instances that contained affected customers, which prevented access for all users, including admins. As a result, even customers who were not impacted by the script deployment experienced service disruption. 

“The deployment of a database script resulted in granting users broader data access than intended. To protect our customers, we have blocked access to all instances that contain impacted customers until we can complete the removal of the inadvertent permissions in the impacted customer orgs. As a result, customers who were not impacted may experience service disruption,” Salesforce said.

The issue emerged on Friday, May 17, but Salesforce was able to restore access for users with a System Administrator profile by the next day. It also restored full access to customers unaffected by the database script issue. 

The list of affected instances includes NA42, NA44, CS50, CS51, CS59, CS138, CS99, NA92, NA56, NA49, CS97, CS93, CS79, CS78, CS69, NA155, NA196, NA99, CS17, EU8, EU9, EU12, EU13, NA60, NA61, NA64, NA67, NA79, CS8, CS94, and many more (over 100). 

After restoring administrator access to all affected orgs, Salesforce published a workaround section detailing how admins could restore profiles and user permissions. Admins should also check all of the granted permissions to ensure users don’t have access to data they should not be able to see.

“The automated provisioning to restore permissions has now been executed on all production instances. A subset of customers may still be experiencing issues with user permissions and our teams continue to work on this,” Salesforce notes on its status page.

As Balaji Parimi, CEO of Infrastructure Authorization Administration (IAA) company CloudKnox, told SecurityWeek in an emailed comment, over-provisioned privileges may pose an even greater security risk to enterprises than attackers would. 

“Enterprises need to understand that their biggest security risk is not from the attackers targeting them or even malicious insiders – it’s identities with over-provisioned privileges. Security teams need to make sure that privileges with massive powers are restricted to a small number of properly trained personnel,” he said. 

“Until companies better understand which identities have the privileges that can lead to these types of accidents and proactively manage those privileges to minimize their risk exposure, they’ll be vulnerable to devastating incidents like the one we’re seeing with Salesforce right now,” Parimi concluded. 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
