Google suffers data breach in ongoing Salesforce data theft attacks

by mikece on 8/6/2025, 2:04 PM with 91 comments

by kyrra on 8/6/2025, 3:32 PM

From the source: https://cloud.google.com/blog/topics/threat-intelligence/voi...

> The instance was used to store contact information and related notes for small and medium businesses. Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.

by Bluescreenbuddy on 8/6/2025, 2:42 PM

Surprised Google didn't have some internally developed alternative.

by ok123456 on 8/6/2025, 4:18 PM

Wonder if it's related to https://venturebeat.com/ai/this-ai-already-writes-20-of-sale...

by cjonas on 8/7/2025, 1:47 PM

My guess is it leaked from a misconfigured force.com site, often used as a support portal or KB. Up until recently they came misconfigured by default to allow public access to the basic info of accounts, contacts, and opportunities through list view endpoints.

Back in 2019 I had a client affected by this (luckily caught by a white hat). Curious, I searched *.site.force.com and found thousands of potentially impacted sites (vulnerability could be tested without exfil of any data). In recent years SF has had many security patches to try and close these holes, but my understanding is most required action by the admin to take effect.

I was always confused how SF managed to keep this out of the news.

by wferrell on 8/6/2025, 3:20 PM

They had an internal CRM. It was buggy, missing key features and engineers didn’t really want to work on it.

by mrweasel on 8/6/2025, 4:09 PM

Oh, so I wonder if that's also how KLM lost my data.

by shadowgovt on 8/6/2025, 2:31 PM

I'm modestly surprised to learn Google was using Salesforce internally at all; the NIH runs deep with that company (they even have their own bugtracker because every other option just wouldn't cut it).

On the other hand, the past decade-ish has seen them grow very rapidly via acquisition, so perhaps this DB was grandfathered in via an acquired company and hadn't yet been replaced by anything internal.

(For Salesforce in particular though, I'd be willing to believe Google doesn't have an in-house alternative... People asked for a Salesforce-like in Google Workspace for years and the company had no interest. I have a hunch that most Googlers find the idea of creating a new CRM to be a profoundly boring intellectual exercise).

by grumple on 8/6/2025, 5:22 PM

I'm surprised, mostly because Google seems to have basically no salespeople, account reps, or customer management.

by 01HNNWZ0MV43FF on 8/6/2025, 6:01 PM

> Google suffers

Uh, it's the users that suffer.

You Suffer https://www.youtube.com/watch?v=_-ywSPWu3K8

by GHanku on 8/6/2025, 3:07 PM

The linked article explains how they do it: https://www.bleepingcomputer.com/news/security/google-hacker...

> The attackers impersonate IT support personnel, requesting the target employee accept a connection to Salesforce Data Loader, a client application...
>
> "The application supports OAuth and allows for direct "app" integration via the "connected apps" functionality in Salesforce," explain the researchers.
>
> "Threat actors abuse this by persuading a victim over the phone to open the Salesforce connect setup page and enter a "connection code," thereby linking the actor-controlled Data Loader to the victim's environment."
>
> ... app is used to export data stored in Salesforce instances and then used the access to move laterally through connected platforms such as Okta, Microsoft 365, and Workplace.
>
> Accessing these additional cloud platforms allows the threat actors to access more sensitive information stored on those platforms, including sensitive communications, authorization tokens, documents, and more.
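The pattern the quoted article describes (a user is talked into authorizing a connected app, and a bulk export through that app follows shortly after) is one a defender can correlate in audit data. The script below is an added example, not code from the article, the researchers, or anyone in this thread. The event records are constructed and use an assumed, simplified schema (`ts`, `user`, `event`, `app`, `rows`); they are not Salesforce's real event log format, and `APPROVED_APPS` is a hypothetical allowlist you would replace with your own.

```python
"""Correlate connected-app authorizations with bulk exports (added example).

The sample events and their schema are constructed for this example; map your
real audit source onto the same fields before using the detection logic.
"""
from datetime import datetime, timedelta

# Constructed sample events. "alice" approves a new connected app (the kind of
# approval a vishing call asks for) and a large export through that app follows
# minutes later. "bob" uses an approved tool; "carol" exports a tiny dataset.
SAMPLE_EVENTS = [
    {"ts": "2025-08-01T14:02:10Z", "user": "alice", "event": "connected_app_authorized",
     "app": "Salesforce Data Loader", "rows": 0},
    {"ts": "2025-08-01T14:09:45Z", "user": "alice", "event": "bulk_export",
     "app": "Salesforce Data Loader", "rows": 48000},
    {"ts": "2025-08-01T09:15:00Z", "user": "bob", "event": "connected_app_authorized",
     "app": "Approved Reporting Tool", "rows": 0},
    {"ts": "2025-08-01T09:20:00Z", "user": "bob", "event": "bulk_export",
     "app": "Approved Reporting Tool", "rows": 52000},
    {"ts": "2025-08-01T11:00:00Z", "user": "carol", "event": "bulk_export",
     "app": "Salesforce Data Loader", "rows": 120},
]

# Hypothetical allowlist of connected apps that are expected to export data.
APPROVED_APPS = {"Approved Reporting Tool"}


def parse_ts(value):
    """Parse the constructed ISO-8601 UTC timestamp used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_suspicious_exports(events, approved_apps=APPROVED_APPS,
                            window=timedelta(hours=1), min_rows=10000):
    """Return alerts for bulk exports that are worth an analyst's attention.

    severity "high":   export of >= min_rows through a non-approved app that the
                       same user authorized within `window` before the export
                       (the authorize-then-export sequence in the article).
    severity "medium": export of >= min_rows through a non-approved app with no
                       recent authorization seen (still unexpected tooling).
    """
    ordered = sorted(events, key=lambda e: parse_ts(e["ts"]))
    recent_auths = {}  # (user, app) -> timestamp of most recent authorization
    alerts = []
    for e in ordered:
        key = (e["user"], e["app"])
        t = parse_ts(e["ts"])
        if e["event"] == "connected_app_authorized":
            recent_auths[key] = t
            continue
        if e["event"] != "bulk_export":
            continue
        if e["app"] in approved_apps or e["rows"] < min_rows:
            continue
        auth_t = recent_auths.get(key)
        alert = {"user": e["user"], "app": e["app"], "rows": e["rows"], "ts": e["ts"]}
        if auth_t is not None and t - auth_t <= window:
            alert["severity"] = "high"
            alert["seconds_since_authorization"] = int((t - auth_t).total_seconds())
        else:
            alert["severity"] = "medium"
            alert["seconds_since_authorization"] = None
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in find_suspicious_exports(SAMPLE_EVENTS):
        print(f"[{a['severity']}] {a['user']} exported {a['rows']} rows via "
              f"{a['app']} at {a['ts']} "
              f"(authorized {a['seconds_since_authorization']} s earlier)")
```

The useful part is the correlation, not either event alone: a single connected-app authorization is routine, and a large export by an approved tool is routine, but a large export through a freshly authorized, non-allowlisted app is exactly the sequence the article attributes to the attackers. Tune `window` and `min_rows` to your own export volumes, and treat the allowlist as something to review, since the whole technique relies on a legitimate feature (connected apps) being pointed at an attacker's client.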

by 1970-01-01 on 8/6/2025, 7:55 PM

Google: Nobody beats the $32,000,000,000 Wiz! Bet!

UNC6040: lool.