Salesforce has revealed that an update to its marketing cloud suite may have led to some APIs retrieving or writing data “from one customer’s account to another”.
The issue, which was first reported by BankInfoSecurity, was fixed through an emergency release “for all marketing cloud stacks” on July 18.
“During a Marketing Cloud release that was rolled out between June 4, 2018 and July 7, a code change was introduced that may have caused a small subset of REST API calls to improperly retrieve or write data from one customer’s account to another,” the cloud operator said in a short advisory following the news report.
“We have no evidence of malicious behaviour associated with this issue.
“Customers who may have been impacted by this issue were notified.”
The issue appeared to impact APIs associated with the Email Studio and Predictive Intelligence tools within marketing cloud, according to the advisory.
Marketing cloud includes technologies that were previously marketed by ExactTarget and Pardot, among others.
_(23).jpg&h=140&w=231&c=1&s=0)
_(22).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
