Cloud computing company Salesforce.com is warning customers about possible data breach after an API error
Cloud computing company Salesforce.com is warning customers about possible data breach after an API error. The Marketing cloud update released between June 4, 2018, and July 7 introduced a code change which may have resulted in a small subset of REST API calls. “During a Marketing Cloud release that was rolled out between June 4, 2018, and July 7, a code change was introduced that may have caused a small subset of REST API calls to improperly retrieve or write data from one customer’s account to another.” said in the alert published by the company. The alert also mentioned when the data was retrieved or written from one customer to another “the API call may have failed and generated an error message rather than writing or modifying data.” According to Bank Info Security, there is also a possibility that marketing cloud data may have been corrupted due to the issue. The issue potential affected marketing cloud customers using Marketing Cloud Email Studio and Predictive Intelligence. The salesforce security team identified the issue on July 18, 2018, and an emergency release (eRelease) was deployed on the same day at 5:00 UTC and resolving the issue the issue for all Marketing Cloud stacks. “The Salesforce Security team became aware of the issue on July 18, 2018. An emergency release (eRelease) was deployed at 5:00 UTC on July 18, resolving the issue for all Marketing Cloud stacks. We have no evidence of malicious behavior associated with this issue.” The company said that they did not find any evidence of any malicious behavior related to this issue and also said they are unable to confirm whether the data was viewed or modified by other customers. The company has notified all the potentially affected customers who access the marketing cloud during that day through email.