Many Public Salesforce Sites are Leaking Private Data
Krebs on Security
APRIL 27, 2023
Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information.
Let's personalize your content