SecurityWeek

Cloud Security

Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information

Salesforce ghost sites — domains that are no longer maintained but still accessible — can expose personal information and business data.

Organizations can expose sensitive personal and corporate information by failing to properly deactivate Salesforce Community websites that are no longer used, according to data security and analytics company Varonis.

Varonis reported identifying many such improperly deactivated websites, which the company has dubbed ‘Salesforce ghost sites’. These sites have been found to expose personally identifiable information and business data that should not be accessible.

“The exposed data is not restricted to only old data from when the site was in use; it also includes new records that were shared with the guest user due to the sharing configuration in their Salesforce environment,” Varonis warned. 

Ghost sites are Salesforce Communities that have been abandoned — they are still accessible, but no longer monitored or protected.

Companies can set up Salesforce Community websites where they share information and enable users to connect and collaborate. These sites are hosted on domains such as ‘partners.acme.org.00d400.live.siteforce.com’, but they can be made accessible through a shorter URL such as ‘partners.acme.org’ by configuring DNS records.

Ghost sites, according to Varonis, emerge when a company replaces a Salesforce site with, for instance, a website running in their AWS environment. The ‘partners.acme.org’ domain is pointed to the new site, but the custom Salesforce domain continues to exist.

“Varonis Threat Labs researchers discovered that many companies stop at just modifying DNS records. They do not remove the custom domain in Salesforce, nor do they deactivate the site. Instead, the site continues to exist, pulling data and becoming a ghost site,” Varonis explained.

Tools such as SecurityTrails can be used to identify ghost sites based on indexed and archived DNS records. 
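The pattern Varonis describes is easy to miss because the custom domain and the DNS record live in two different places. The following script is an added example (not Varonis's or SecurityWeek's code): it compares an inventory of Salesforce custom domains against their current DNS CNAME targets and flags the ones that were re-pointed elsewhere, or dropped from DNS entirely, while the Salesforce site behind them is still active. The inventory and DNS answers are constructed sample data; apart from ‘partners.acme.org’ and its siteforce.com host, which are quoted in the article, every name is a hypothetical placeholder, and the DNS dictionary stands in for live lookups or a DNS history service.

```python
# Added example: triage logic for the Salesforce ghost-site pattern. Not code
# from Varonis or SecurityWeek. All inventory rows and DNS answers are
# constructed; names other than partners.acme.org and its siteforce.com host
# (both quoted in the article) are hypothetical placeholders.
from dataclasses import dataclass
from typing import Dict, List, Optional

SALESFORCE_SITE_SUFFIX = ".siteforce.com"


@dataclass(frozen=True)
class SalesforceSite:
    custom_domain: str    # vanity name the org configured, e.g. partners.acme.org
    salesforce_host: str  # Salesforce-hosted name behind it (...siteforce.com)
    active: bool          # True while the site is still active in Salesforce


@dataclass(frozen=True)
class GhostCandidate:
    custom_domain: str
    salesforce_host: str
    reason: str


def _normalize(name: str) -> str:
    """Strip the trailing dot a resolver returns and lower-case for comparison."""
    return name.rstrip(".").lower()


def classify_site(site: SalesforceSite, cname: Optional[str]) -> Optional[GhostCandidate]:
    """Return a GhostCandidate if `site` matches the abandoned-site pattern, else None.

    `cname` is the current CNAME target of the custom domain, or None when the
    record no longer exists. A site already deactivated in Salesforce needs no
    follow-up; a vanity domain that still points at its Salesforce host is
    simply live. Anything else is still being served by Salesforce while the
    organization no longer routes traffic to it.
    """
    if not site.active:
        return None
    if cname is None:
        return GhostCandidate(site.custom_domain, site.salesforce_host,
                              "custom domain has no DNS record but the Salesforce site is still active")
    target = _normalize(cname)
    if target == _normalize(site.salesforce_host):
        return None
    if target.endswith(SALESFORCE_SITE_SUFFIX):
        return GhostCandidate(site.custom_domain, site.salesforce_host,
                              f"custom domain points at a different Salesforce host ({target})")
    return GhostCandidate(site.custom_domain, site.salesforce_host,
                          f"custom domain now points at {target}; Salesforce site still active")


def find_ghost_candidates(inventory: List[SalesforceSite],
                          dns_cnames: Dict[str, Optional[str]]) -> List[GhostCandidate]:
    """Classify every site in the inventory.

    `dns_cnames` maps each custom domain to its current CNAME target (None when
    the name has no CNAME). In practice it would be filled from live resolver
    queries and, for names that have already disappeared, from archived DNS data.
    """
    found = []
    for site in inventory:
        candidate = classify_site(site, dns_cnames.get(site.custom_domain))
        if candidate is not None:
            found.append(candidate)
    return found


# Constructed inventory, as exported from the org's Salesforce domain/site configuration.
SAMPLE_INVENTORY = [
    SalesforceSite("partners.acme.org", "partners.acme.org.00d400.live.siteforce.com", True),
    SalesforceSite("support.acme.org", "support.acme.org.00d400.live.siteforce.com", True),
    SalesforceSite("events.acme.org", "events.acme.org.00d400.live.siteforce.com", False),
    SalesforceSite("legacy.acme.org", "legacy.acme.org.00d400.live.siteforce.com", True),
]

# Constructed current DNS answers: partners.acme.org was re-pointed at a
# non-Salesforce host (the article's scenario), support.acme.org still points
# at Salesforce, events.acme.org was re-pointed but its site was properly
# deactivated, and legacy.acme.org has no record left at all.
SAMPLE_DNS: Dict[str, Optional[str]] = {
    "partners.acme.org": "acme-partners.cdn.example.",
    "support.acme.org": "support.acme.org.00d400.live.siteforce.com.",
    "events.acme.org": "events.example.",
    "legacy.acme.org": None,
}

if __name__ == "__main__":
    for c in find_ghost_candidates(SAMPLE_INVENTORY, SAMPLE_DNS):
        print(f"{c.custom_domain}: {c.reason} -> review and deactivate {c.salesforce_host}")
```

Run against the sample data, only partners.acme.org and legacy.acme.org are flagged; the candidate's `salesforce_host` is the name to check in Salesforce and deactivate, since that host stays reachable no matter where the vanity domain's DNS points.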


Because nobody maintains them, these websites can also be more vulnerable to attack, since they may contain unpatched security flaws.

“To solve the problem of ghost sites — and to mitigate other threats — sites that are no longer in use should be deactivated. It’s important to keep track of all Salesforce sites and their respective users’ permissions — including both community and guest users,” Varonis recommended.

This is not the first time Varonis has warned organizations about security risks associated with the use of Salesforce Communities and the potential exposure of sensitive data.

Related: Faulty Database Script Exposed Salesforce Data to Wrong Users

Related: Salesforce Paid Out $12.2 Million in Bug Bounty Rewards to Date

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
