
Salesforce enables ‘modify all’ in user profiles - LinuxBender
https://www.reddit.com/r/salesforce/comments/bpq336/salesforce_enables_modify_all_in_all_user_profiles/
======
londons_explore
Presumably this should cause most companies in the EU to announce, within 72
hours, a data breach, since it allows any salesforce user to gain any
permissions and view/leak/copy/steal any data on any customer in the org.

That will be a _lot_ of companies considering pretty much every big company
uses salesforce.

~~~
gruez
Does it count as a data breach if unauthorized users were allowed to access
data, but they didn't actually? ie. server logs showed that nobody actually
read anything they weren't supposed to.

~~~
tssva
EU definition of a personal data breach.

> "‘personal data breach’ means a breach of security leading to the accidental
> or unlawful destruction, loss, alteration, unauthorised disclosure of, or
> access to, personal data transmitted, stored or otherwise processed;

Based upon this definition just allowing the access is a breach.

~~~
moduspol
Well it seems like a gray area. There's a meaningful difference between
"accessing" something and "having access to" something. To me this seems like
it would only cover the former.

------
BonesJustice
Oopsie. Some poor bastard is having the worst day of their career.

I find it concerning that it was even _possible_ for this to happen,
regardless of whether it was intentional.

~~~
gambler
Stuff like this is always possible wherever you have fully centralized
architecture. I don't know how many massive cloud failures it will take for IT
community at large to realize this.

~~~
ralph84
Salesforce launched in 1999 before before cloud was a thing. It's basically
just a big Oracle database.

~~~
mpeg
That's not very fair to a company that was one of the pioneers of a lot of the
things we consider normal on today's software as a service.

Also incorrect, they have great cloud and devops practices. If anything it's
likely this bug's impact would be limited due to how decentralised SFDC
operates.

Still a massive fuck-up, I'm interested in seeing if they'll release any more
detail on why it happened.

~~~
the_duke
While a little unfair, and Salesforce is a decent product with nice dev
tooling (apart from the weird ancient Java ish custom language), but under the
hood, it really is just a Oracle database per org.

~~~
vips7L
Weird ancient proprietary language.

Impossible to run locally.

No debuggers.

Virtually impossible to put an entire org in source control.

No package manager.

More undefined behavior than a C compiler.

------
llamataboot
"The Salesforce Technology team is investigating an issue impacting Salesforce
customers who use Pardot, or have used Pardot in the past. The deployment of a
database script resulted in granting users broader data access than intended.
To protect our customers, we have blocked access to all instances that contain
impacted customers until we can complete the removal of the inadvertent
permissions in the impacted customer orgs. As a result, customers who were not
impacted may experience service disruption. In parallel, we are working to
restore the original permissions as quickly as possible. Customers should
continue to check Trust for updates."

------
trollied
Reading between the lines, I think someone forgot a WHERE clause in their
UPDATE statement....

~~~
joshcain
I mean, you would hope it's not possible for it to be that simple but... you
could see it, couldn't you?

~~~
finaliteration
Considering that just yesterday I had to quickly cancel an operation that had
the wrong criteria specified, I can absolutely see it...

~~~
JanneVee
How about turning autocommit off?

------
bradleybuda
Salesforce incident:
[https://status.salesforce.com/incidents/3815](https://status.salesforce.com/incidents/3815)

Our product syncs data to Salesforce - we're seeing hit and miss connectivity
across our customers' instances. Some API calls are still working, I'm unable
to sign in to a developer instance in NA49.

~~~
tetrep
it'd be nice if we could get the hn link pointing to that instead, since it's
actually got a bit more details than the reddit post and the reddit post
doesn't seem to be getting updated, so it's only going to get more "stale"

~~~
aaomidi
FWIW that link doesn't load for me. I think they're getting hammered.

------
aaomidi
For people not familiar with salesforce, what does this mean?

~~~
finaliteration
For a time, users on many instances were able to read/modify data that they
shouldn't have been. They got full CRUD access to -all data-. This includes
some external users of things like Customer and Partner portals (where
functionality and data are made available to external users via Salesforce).
When they decided to try to mitigate the issue, they locked down all access
and took away CRUD permissions from all users/profiles in Salesforce on those
affected instances.

We woke up to a bunch of users unable to do their jobs because they suddenly
started receiving "NO ACCESS" errors, effectively. We also haven't been able
to modify the profiles and fix the access effectively.

~~~
Pils
When I saw this headline, my first reaction was that a salesperson in an org
could download all customer contact info and immediately go to a competitor
and start poaching customers extremely efficiently. How likely is this
scenario? What sorts of recourse, legal or otherwise, would the org have? Non-
competes are hard to enforce, and I don't know enough about trade secret laws
to have a good opinion on this.

~~~
finaliteration
> How likely is this scenario?

It's difficult to say. Exporting data in bulk isn't totally straightforward
for your average user, and I'm not sure how long total CRUD access was
granted. That being said, given that full access was granted, it's not
impossible to imagine someone creating a report and doing a dump of customer
data.

Though typically that may fall under NDA and not non-compete. NDAs are a
little easier to enforce as far as I understand, but I'm not a lawyer.

~~~
drtillberg
It's sort of like if you walked by a bank and saw a bundle of money unattended
in the lobby rather than the vault. Technically maybe you could get outside
with the bundle, but keeping out of trouble long enough to enjoy the big
screen TV you try to buy? ... Don't bet in it.

~~~
thrav
Nah, it’s more akin to an employ coming in one day and seeing that the vault
door is just open, and thinking they might poke around a bit / pocket some
bundles of cash... Except they usually handle most of those bundles of cash
day to day anyway.

------
mediocrejoker
Does this allow a salesman from company A to access customer info from company
B (where A and B are both customers of salesforce) or is it just intra-
organization?

Still bad if the latter, but catastrophic if the former

~~~
thrav
Nah, definitely not that. Just ups their permissions to that of a super user /
admin in their company.

------
jeromegv
Looks like they shut down a big part of it, our instances are all down.

~~~
fatnoah
This is the documented solution to any significant security issue. They'd much
rather be down than expose any customer data.

------
duxup
I get a lot of just loading at:

[https://status.salesforce.com/](https://status.salesforce.com/)

Not really what you want with something like this... but the folks holding the
keys to a site like that are often never around / fast enough to make those
sites helpful.

------
Friedduck
It didn’t affect any of the 3 orgs within our firm. It was limited to firms
who’ve deployed Pardot so a much smaller audience.

Still, epic screw-up.

------
sergers
can confirm my org is impacted.

our SF instance is accessible, but no permissions on login.

just got an update from our admin, no eta

------
jplayer01
Why would anybody trust Salesforce after this?

~~~
brogrammernot
Doesn’t really matter.

Moving off Salesforce is a many month project for a small company and possibly
years for a larger company depending on the add-ons and everything.

Doubt they lose any real customers over this but they’re definitely going to
be cutting some checks/credits to a ton of people for the next few months but
it’ll fade.

