AutoRABIT: Salesforce security in a shared-responsibility world: Catching misconfigurations and drift before they become breaches

In a recent SC Media webcast, host Adrian Sanabria spoke with Justin Hazard, Principal Security Architect at AutoRABIT, about how to manage and secure Salesforce instances and make sure that minor misconfigurations and misunderstandings don't develop into major breaches.

Sanabria and Hazard gave an overview of Salesforce's evolution from a customer-relationship-management system to a comprehensive cloud platform. Hazard pointed out that Salesforce is now used for a variety of sensitive business functions beyond sales, including handling patient data and credit-card information.

"It was one of the very first SaaS platforms that we saw come out of the early 2000s," observed Sanabria. "And it's really evolved into a much bigger beast than it was in the early days."

That led to a discussion of the security risks that can arise as organizations expand their Salesforce implementations far beyond Salesforce's core uses, leading to greater complexity and broader attack surfaces.

A major topic of discussion was how to manage security as Salesforce environments grow. Hazard and Sanabria both noted that in many organizations, what began as a well-defined CRM has grown to become a central repository for sensitive data, leading to situations in which incremental features and customizations may accumulate risk.

Seemingly minor mistakes, like over-permissioned accounts or unclear visibility into which users have access to sensitive data, can result in critical vulnerabilities.

Source: https://www.scworld.com/resource/salesforce-security-in-a-shared-responsibility-world-catching-misconfigurations-and-drift-before-they-become-breaches

AutoRABIT cybersecurity rating report: https://www.rankiteo.com/company/autorabit

"id": "AUT1764943909",
"linkid": "autorabit",
"type": "Vulnerability",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'incident': {'affected_entities': [{'customers_affected': None,
                                     'industry': None,
                                     'location': None,
                                     'name': None,
                                     'size': None,
                                     'type': 'Organizations using Salesforce'}],
              'attack_vector': 'Over-permissioned accounts, unclear visibility '
                               'into user access',
              'data_breach': {'data_encryption': None,
                              'data_exfiltration': None,
                              'file_types_exposed': None,
                              'number_of_records_exposed': None,
                              'personally_identifiable_information': 'Potential',
                              'sensitivity_of_data': 'High',
                              'type_of_data_compromised': ['Patient data',
                                                           'Credit-card '
                                                           'information',
                                                           'Sensitive business '
                                                           'data']},
              'description': 'Discussion on managing and securing Salesforce '
                             'instances to prevent minor misconfigurations and '
                             'misunderstandings from developing into major '
                             'breaches. Highlighted risks associated with '
                             "Salesforce's evolution from a CRM to a "
                             'comprehensive cloud platform handling sensitive '
                             'data like patient records and credit-card '
                             'information. Emphasized security challenges due '
                             'to expanded use cases, complexity, and '
                             'over-permissioned accounts.',
              'impact': {'brand_reputation_impact': None,
                         'conversion_rate_impact': None,
                         'customer_complaints': None,
                         'data_compromised': 'Sensitive business data, patient '
                                             'data, credit-card information',
                         'downtime': None,
                         'financial_loss': None,
                         'identity_theft_risk': 'Potential',
                         'legal_liabilities': None,
                         'operational_impact': None,
                         'payment_information_risk': 'Potential',
                         'revenue_loss': None,
                         'systems_affected': 'Salesforce instances'},
              'initial_access_broker': {'backdoors_established': None,
                                        'data_sold_on_dark_web': None,
                                        'entry_point': None,
                                        'high_value_targets': None,
                                        'reconnaissance_period': None},
              'lessons_learned': 'Minor misconfigurations and '
                                 'over-permissioned accounts in Salesforce can '
                                 'lead to critical vulnerabilities. '
                                 'Organizations must manage security as '
                                 'Salesforce environments grow in complexity '
                                 'and handle sensitive data beyond their '
                                 'original CRM scope.',
              'post_incident_analysis': {'corrective_actions': None,
                                         'root_causes': 'Over-permissioned '
                                                        'accounts, unclear '
                                                        'visibility into user '
                                                        'access, incremental '
                                                        'features and '
                                                        'customizations '
                                                        'accumulating risk'},
              'ransomware': {'data_encryption': None,
                             'data_exfiltration': None,
                             'ransom_demanded': None,
                             'ransom_paid': None,
                             'ransomware_strain': None},
              'recommendations': 'Implement proper access controls, enhance '
                                 'visibility into user permissions, and '
                                 'regularly audit Salesforce configurations to '
                                 'prevent incremental risks from accumulating.',
              'references': [{'date_accessed': None,
                              'source': 'SC Media webcast',
                              'url': None}],
              'regulatory_compliance': {'fines_imposed': None,
                                        'legal_actions': None,
                                        'regulations_violated': None,
                                        'regulatory_notifications': None},
              'response': {'adaptive_behavioral_waf': None,
                           'communication_strategy': None,
                           'containment_measures': None,
                           'enhanced_monitoring': None,
                           'incident_response_plan_activated': None,
                           'law_enforcement_notified': None,
                           'network_segmentation': None,
                           'on_demand_scrubbing_services': None,
                           'recovery_measures': None,
                           'remediation_measures': None,
                           'third_party_assistance': None},
              'type': 'Misconfiguration',
              'vulnerability_exploited': 'Incremental features and '
                                         'customizations accumulating risk, '
                                         'lack of proper access controls'}}