Script error raised Salesforce users’ privileges

For employees at many marketing and commercial organizations, the working week ended earlier than usual.

On Friday, May 17, thousands of users of the Salesforce CRM system were cut off from the Pardot and Salesforce Marketing Cloud services.

The vendor was forced to shut down its infrastructure as an emergency measure because of a vulnerability discovered in a script that is used in the database of the Pardot automation system.

According to posts on Reddit, an error in the code unexpectedly gave users additional access rights that they were not supposed to have.

“In one of our projects all profiles were modified in a way that allowed all users to get access to all data,” says one of the messages.

To prevent catastrophic consequences, Salesforce fully blocked access to more than a thousand cloud installations that are used to host Pardot. As a result, access was disabled not only for Pardot users but also for all other users of these installations.

In short, Salesforce ran a script in a database that unexpectedly raised users' privileges and allowed them to read and write any data. As a result, the company had to revoke their privileges and temporarily disable the installations to prevent data leakage and unauthorized actions on the data. Later, the company returned privileges to administrator accounts, which were then occupied with setting up access for all other users.

On Saturday and Sunday, Salesforce developed and ran a script to automatically restore privileges from backup copies. According to company representatives, access to the services was fully restored 15 hours after the shutdown. Nevertheless, on Monday some users still had difficulties with access.

Source: https://status.salesforce.com

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
