Salesforce is facing a huge outage, it shut down a good portion of its infrastructure due to change to the production environment.

A change in the production environment is the root cause of the broad outage suffered by Salesforce.

The service disruption affected its Pardot B2B marketing automation system, the cloud CRM company’s change broke access privileges settings across organizations and gave customers access to all of their respective company’s files.

“One of our projects had all its profiles modified to enable modify all, allowing all users access to all data.” reported a user on Reddit.

In response to the incident, Salesforce has denied all access to a hundred of cloud instances that host Pardot users, the blocked the access for any other user to the same systems, even if they were not using Pardot.

Salesforce customers have been unable to access the service since 09:56 PDT (16:56 UTC) on Friday.

“The deployment of a database script resulted in granting users broader data access than intended,” reads a note published by the company. “To protect our customers, we have blocked access to all instances that contain affected customers until we can complete the removal of the inadvertent permissions in the affected customer orgs.”

Below the message published by Patrick Harris, Salesforce CTO and co-founder:

To all of our @salesforce customers, please be aware that we are experiencing a major issue with our service and apologize for the impact it is having on you. Please know that we have all hands on this issue and are resolving as quickly as possible. — Parker Harris (@parkerharris) May 17, 2019

A few hours ago, Salesforce informed its users that it was able to restore access to most of its services, this means that the users experienced at least 15 hours of service disruption. Unfortunately, some organizations may still face problems, according to the latest notice issued by the CRM firm administrators will have to manually repair user account permissions.

“We have restored administrators’ access to all orgs affected by the recent permissions issue and have prepared a set of instructions for admins that may need guidance on how to manually restore user permissions. We have updated the instructions to include guidance for Field Service Lightning administrators.” states the company. “Those instructions can be found in this Known Issue article: http://sfdc.co/PermSetKI. In parallel, we are working on an automated provisioning fix to allow us to restore user permissions to where they were before the incident occurred.”

The company warns that a limited number of admins may still be experiencing issues such as logging in to their organizations or modifying permissions.



If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”

Thank you

Pierluigi Paganini