Salesforce warns customers of data leak caused by API error

The issue may have had an impact on enterprise players utilizing Salesforce marketing cloud services.
Written by Charlie Osborne, Contributing Writer

Salesforce has warned customers that an API fault could have resulted in information leaks.

In a security advisory posted last week, the Software-as-a-service (SaaS) provider said that on July 18, the firm became aware of the issue, which affects a "subset" of Marketing Cloud customers that have signed up for Marketing Cloud Email Studio and Predictive Intelligence.

TechRepublic: Salesforce launches conversational queries with Einstein Analytics

According to Salesforce, a Marketing Cloud update released between June 4 and July 7 introduced a code change which "may have caused a small subset of REST API calls to improperly retrieve or write data from one customer's account to another."

While the API error was resolved on the same day via an emergency eRelease, there is still a possibility that customers -- which include Nestle, Aldo, Dunkin' Donuts, and Maersk -- may have experienced information loss.

An alert sent to customers via email added that when data was retrieved or written between customer accounts, the API call may have "failed and generated an error message rather than writing or modifying data."

Bank Info Security reports that Marketing Cloud data may also have become corrupted due to the issue.

See also: Salesforce Q1 tops estimates

The tech giant has not received any reports of malicious behavior associated with the security flaw but is also unable to discover whether or not customer data was viewed or altered by others at the time the faulty API was active.

CNET: Salesforce employees protest company's work with US border agency

"While Salesforce continues to conduct additional quality checks and testing in relation to this issue, we recommend that you monitor and review your data carefully to ensure the accuracy of your account," the company said.

North Korea's history of bold cyber attacks

Previous and related coverage

Editorial standards