Organizations can expose sensitive personal and corporate information by failing to properly deactivate Salesforce Community websites that are no longer used, according to data security and analytics company Varonis.
Varonis reported identifying many such improperly deactivated websites, which the company has dubbed ‘Salesforce ghost sites’. These sites have been found to expose personally identifiable information and business data that should not be accessible.
“The exposed data is not restricted to only old data from when the site was in use; it also includes new records that were shared with the guest user due to the sharing configuration in their Salesforce environment,” Varonis warned.
Ghost sites are Salesforce Communities that have been abandoned: they remain reachable on their Salesforce-hosted domain, but nobody monitors or maintains them any longer.
Companies can set up Salesforce Community websites where they share information and enable users to connect and collaborate. These sites are hosted on domains such as ‘partners.acme.org.00d400.live.siteforce.com’, but they can be made accessible through a shorter URL such as ‘partners.acme.org’ by configuring DNS records.
Ghost sites, according to Varonis, emerge when a company replaces a Salesforce site with, for instance, a website running in its AWS environment. The ‘partners.acme.org’ DNS record is repointed to the new site, but the custom domain configured in Salesforce, and the community behind it, continue to exist.
“Varonis Threat Labs researchers discovered that many companies stop at just modifying DNS records. They do not remove the custom domain in Salesforce, nor do they deactivate the site. Instead, the site continues to exist, pulling data and becoming a ghost site,” Varonis explained.
Tools such as SecurityTrails can be used to identify ghost sites based on indexed and archived DNS records.
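The DNS-history approach described above, as an added example that is not Varonis' tooling and not code from the original article: it takes historical CNAME/A records of the kind SecurityTrails exposes (embedded here as constructed sample data for a fictitious acme.org), flags hostnames that once pointed at a Salesforce-hosted community but no longer do, and then re-checks the old Salesforce hostname, because a repointed CNAME says nothing about whether the community itself was deactivated. The `siteforce.com` suffix and the `00d400` hostname pattern come from the article; the other suffixes, the CloudFront target and the resolver callback are assumptions.

```python
"""
Find candidate Salesforce "ghost sites" from historical DNS data.

Added example, not Varonis' tooling. Sample records below are constructed.
"""
import socket
from dataclasses import dataclass
from typing import Callable, Optional

# Suffixes under which Salesforce serves community sites. `siteforce.com`
# is the one named in the article; the other two are assumptions.
SALESFORCE_SUFFIXES = ("siteforce.com", "force.com", "my.site.com")


@dataclass(frozen=True)
class DnsRecord:
    name: str        # the organisation's hostname, e.g. partners.acme.org
    rtype: str       # CNAME or A
    value: str       # record target (trailing dot stripped)
    first_seen: str  # ISO date the record was first observed
    last_seen: str   # ISO date the record was last observed


@dataclass(frozen=True)
class GhostCandidate:
    hostname: str
    salesforce_host: str           # where the name used to point
    current_target: Optional[str]  # where it points now (None = no record)


def is_salesforce_host(target: str) -> bool:
    """True if `target` is a Salesforce-hosted site. Matches on whole labels,
    so a look-alike such as 'evil-siteforce.com' does not count."""
    t = target.rstrip(".").lower()
    return any(t == s or t.endswith("." + s) for s in SALESFORCE_SUFFIXES)


def find_ghost_candidates(records, as_of: str) -> list[GhostCandidate]:
    """Flag names that once had a Salesforce CNAME but, as of the snapshot
    date `as_of`, either point elsewhere or have no record at all."""
    by_name: dict[str, list[DnsRecord]] = {}
    for r in records:
        by_name.setdefault(r.name.lower(), []).append(r)

    out = []
    for name, recs in by_name.items():
        recs = sorted(recs, key=lambda r: r.last_seen)
        sf_history = [r for r in recs if r.rtype == "CNAME" and is_salesforce_host(r.value)]
        if not sf_history:
            continue  # never lived on Salesforce, nothing to check
        live = [r for r in recs if r.last_seen >= as_of]
        current_target = live[-1].value if live else None
        if current_target is not None and is_salesforce_host(current_target):
            continue  # still deliberately served by Salesforce
        out.append(GhostCandidate(name, sf_history[-1].value, current_target))
    return sorted(out, key=lambda c: c.hostname)


def still_resolves(host: str, resolve: Optional[Callable[[str], bool]] = None) -> bool:
    """Cheapest sign that a community was never deactivated: its Salesforce
    hostname still resolves. Real triage should follow up with an HTTP
    request as the unauthenticated guest user to see what it serves."""
    if resolve is None:
        def resolve(h: str) -> bool:
            try:
                socket.gethostbyname(h)
                return True
            except socket.gaierror:
                return False
    return resolve(host)


def triage(records, as_of: str, resolve=None) -> list[tuple[GhostCandidate, bool]]:
    """Pair each candidate with whether its Salesforce hostname is still alive."""
    return [(c, still_resolves(c.salesforce_host, resolve))
            for c in find_ghost_candidates(records, as_of)]


# Constructed sample history for a fictitious acme.org, as a passive-DNS
# service might return it. SNAPSHOT is the date the data was pulled.
SNAPSHOT = "2023-09-28"
SAMPLE_RECORDS = [
    # partners.acme.org moved from Salesforce to an (assumed) AWS CloudFront distribution.
    DnsRecord("partners.acme.org", "CNAME", "partners.acme.org.00d400.live.siteforce.com", "2019-03-01", "2021-06-30"),
    DnsRecord("partners.acme.org", "CNAME", "d111111abcdef8.cloudfront.net", "2021-07-01", SNAPSHOT),
    # support.acme.org still lives on Salesforce: in use, not a ghost.
    DnsRecord("support.acme.org", "CNAME", "support.acme.org.00d400.live.siteforce.com", "2020-01-15", SNAPSHOT),
    # careers.acme.org was simply dropped from DNS; the Salesforce site may still be up.
    DnsRecord("careers.acme.org", "CNAME", "careers.acme.org.00d400.live.siteforce.com", "2018-05-01", "2020-11-30"),
    # www.acme.org never pointed at Salesforce.
    DnsRecord("www.acme.org", "A", "203.0.113.10", "2017-01-01", SNAPSHOT),
]

# Stand-in resolver so the example runs offline: only the partners site is "still up".
FAKE_LIVE = {"partners.acme.org.00d400.live.siteforce.com"}

if __name__ == "__main__":
    for cand, live in triage(SAMPLE_RECORDS, SNAPSHOT, resolve=lambda h: h in FAKE_LIVE):
        state = "STILL LIVE" if live else "gone"
        print(f"{cand.hostname}: was {cand.salesforce_host}, now {cand.current_target}, Salesforce host {state}")
```

Drop the `resolve=` argument to query real DNS; a hit on the Salesforce hostname, followed by a guest-user browse of what it serves, is what confirms a ghost site rather than a cleanly deactivated one.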
Because nobody maintains them, these websites are also easier targets in general: their configuration is never reviewed and any security holes in them go unpatched.
“To solve the problem of ghost sites — and to mitigate other threats — sites that are no longer in use should be deactivated. It’s important to keep track of all Salesforce sites and their respective users’ permissions — including both community and guest users,” Varonis recommended.
This is not the first time Varonis has warned organizations about security risks associated with the use of Salesforce Communities and the potential exposure of sensitive data.
Related: Faulty Database Script Exposed Salesforce Data to Wrong Users
Related: Salesforce Paid Out $12.2 Million in Bug Bounty Rewards to Date

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
