all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Many Public Salesforce Sites are Leaking Private Data

Add to bookmarks
April 28, 2023, 2:09 a.m. | BrianKrebs

Krebs on Security krebsonsecurity.com

A shocking number of organizations -- including banks and healthcare providers -- are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

access a little sunshine banks charan akiri community data dc health dc health link healthcare healthcare providers huntington bank information latest warnings logging logging in matthew jennings mike rupert misconfiguration organizations private private data public salesforce salesforce community websites scott carbee sensitive information stem tcf bank the coming storm time to patch vermont websites

Visit resource

More from krebsonsecurity.com / Krebs on Security

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years 2 days, 20 hours ago | krebsonsecurity.com
antii kurittu coldfusion botnet convicted hacking +15
FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data 3 days, 13 hours ago | krebsonsecurity.com
access amp att carriers +25
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme 1 week, 3 days ago | krebsonsecurity.com
alexander kovalev a little sunshine artem zaitsev bribe +28
Who Stole 3.6M Tax Records from South Carolina? 2 weeks, 2 days ago | krebsonsecurity.com
account aleksandr ermakov associated press bank +34
Crickets from Chirp Systems in Smart Lock Key Leak 2 weeks, 3 days ago | krebsonsecurity.com
a little sunshine august.com can chirp systems +22
Why CISA is Warning CISOs About a Breach at Sisense 3 weeks ago | krebsonsecurity.com
agency a little sunshine breach business +28
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers 3 weeks, 1 day ago | krebsonsecurity.com
april change com domain +15
April’s Patch Tuesday Brings Record Number of Fixes 3 weeks, 2 days ago | krebsonsecurity.com
adobe after effects april azure azure ai +38
Fake Lawsuit Threat Exposes Privnote Phishing Sites 4 weeks ago | krebsonsecurity.com
alexandr ermakov a little sunshine andrey sokol breadcrumbs +26

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

SITEC- Systems Security Administrator- Camp HM Smith

@ Peraton | Camp H.M. Smith, HI, United States
View on infosec-jobs.com

Cyberspace Intelligence Analyst

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

General Manager, Cybersecurity, Google Public Sector

@ Google | Virginia, USA; United States
View on infosec-jobs.com

Cyber Security Advisor

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com

Engineering Team Manager – Security Controls

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com
View more jobs