Connect with us

Hi, what are you looking for?


Cloud Security

Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information

Salesforce ghost sites — domains that are no longer maintained but still accessible — can expose personal information and business data.

Some organizations can expose sensitive personal and corporate information by failing to properly deactivate Salesforce Community websites that are no longer used, according to data security and analytics company Varonis.

Varonis reported identifying many such improperly deactivated websites, which the company has dubbed ‘Salesforce ghost sites’. These sites have been found to expose personally identifiable information and business data that should not be accessible.

“The exposed data is not restricted to only old data from when the site was in use; it also includes new records that were shared with the guest user due to the sharing configuration in their Salesforce environment,” Varonis warned. 

Ghost sites are Salesforce Communities that have been abandoned — they are still accessible, but no longer monitored or protected.

Companies can set up Salesforce Community websites where they share information and enable users to connect and collaborate. These sites are hosted on domains such as ‘’, but they can be made accessible through a shorter URL such as ‘’ by configuring DNS records.

Ghost sites, according to Varonis, emerge when a company replaces a Salesforce site with, for instance, a website running in their AWS environment. The ‘’ domain is pointed to the new site, but the custom Salesforce domain continues to exist.

“Varonis Threat Labs researchers discovered that many companies stop at just modifying DNS records. They do not remove the custom domain in Salesforce, nor do they deactivate the site. Instead, the site continues to exist, pulling data and becoming a ghost site,” Varonis explained.

Advertisement. Scroll to continue reading.

Tools such as SecurityTrails can be used to identify ghost sites based on indexed and archived DNS records. 

These unmaintained websites can be more vulnerable to attacks as they could have unpatched security holes.

“To solve the problem of ghost sites — and to mitigate other threats — sites that are no longer in use should be deactivated. It’s important to keep track of all Salesforce sites and their respective users’ permissions — including both community and guest users,” Varonis recommended.

This is not the first time Varonis has warned organizations about security risks associated with the use of Salesforce Communities and the potential exposure of sensitive data.

Related: Faulty Database Script Exposed Salesforce Data to Wrong Users

Related: Salesforce Paid Out $12.2 Million in Bug Bounty Rewards to Date

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.