In today’s digital landscape, organisations face a growing risk from improperly deactivated and abandoned Salesforce Sites and Communities, also known as Experience Cloud.
These neglected resources can expose organisations to severe risk, potentially resulting in unauthorised access to highly sensitive data. Security researchers refer to these abandoned, unprotected and unmonitored resources as “ghost sites.”
Salesforce Communities create vulnerable gaps in security measures when left unattended.
Improperly deactivated Salesforce Communities, as highlighted in a recent report, pose significant risks to organisations. Instead of being properly deactivated, these unused Communities are often left unattended, creating a vulnerable gap in security measures.
Neglected and never retested for vulnerabilities, these sites do not receive updates to their security configuration and fall out of line with current guidelines. Researchers have found that many seemingly deactivated sites are still active and still pulling fresh data from the org. This oversight lets threat actors exploit the situation by manipulating the Host header in an HTTP request and extract sensitive data with little effort.
The issue underscores the urgent need for organisations to proactively find and close these potential security gaps to protect their valuable information.
Identifying the internal URLs associated with these sites can be challenging, but tools such as SecurityTrails, which track DNS record changes, make it a feasible task for adversaries. Moreover, the absence of up-to-date security measures on these outdated sites makes them enticing targets for threat actors looking to extract sensitive information.
Notably, the exposed data is not limited to historical records: because of the Salesforce environment’s sharing configuration, information newly shared with guest users is exposed as well, as cybersecurity researchers have emphasised.
Organisations are strongly advised to implement proactive measures to address the risks posed by ghost sites. One crucial step is maintaining a comprehensive inventory of all Salesforce sites, ensuring clear visibility of each site’s purpose, activity, and associated user permissions.
By monitoring and tracking these sites, organisations can promptly identify any potential ghost sites that may have been left unattended or improperly deactivated.
Furthermore, organisations must establish a robust deactivation process for sites no longer in use, including regular assessments to identify redundant or obsolete sites and deactivate them properly. By deactivating these sites in a controlled and systematic manner, organisations can mitigate the security risks arising from dormant sites that may still contain sensitive data.
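The inventory and deactivation checks described above, as an added example that is not part of the original article or any Salesforce tooling: it reconciles site records exported from the org against the organisation’s own register and flags sites that are still serving guest traffic while the register says they are retired or does not list them at all. The record shape (Name, Status, Url) and the status vocabularies for Sites and Experience Cloud Networks are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

# Assumption: legacy Sites report Active/Inactive, Experience Cloud Networks
# report Live/DownForMaintenance/UnderConstruction; only these two values
# mean the site is currently reachable by guest (unauthenticated) users.
SERVING_STATUSES = {"Active", "Live"}

@dataclass(frozen=True)
class Finding:
    name: str
    url: str
    reason: str

def ghost_site_candidates(org_sites, inventory):
    """org_sites: site/community records exported from the org, each a dict
    with Name, Status and Url (assumed field names). inventory: the
    organisation's own register, {name: {"owner": ..., "state": "active"
    or "retired"}}. Returns one Finding per site that needs review."""
    findings = []
    for site in org_sites:
        if site["Status"] not in SERVING_STATUSES:
            continue  # properly deactivated: nothing to review
        entry = inventory.get(site["Name"])
        if entry is None:
            reason = "serving guest traffic but missing from inventory"
        elif entry["state"] == "retired":
            # The ghost-site case: retired on paper, still live in the org.
            reason = f"retired by {entry['owner']} but still {site['Status']}"
        else:
            continue  # inventoried and active on purpose
        findings.append(Finding(site["Name"], site["Url"], reason))
    return findings

# Constructed sample data; names and URLs are placeholders, not real sites.
SAMPLE_ORG_SITES = [
    {"Name": "Partner Portal 2019", "Status": "Live", "Url": "https://EXAMPLE.my.site.com/partners"},
    {"Name": "Support Community", "Status": "Live", "Url": "https://EXAMPLE.my.site.com/support"},
    {"Name": "Event Microsite", "Status": "Inactive", "Url": "https://EXAMPLE.my.site.com/events"},
    {"Name": "Legacy Careers Page", "Status": "Active", "Url": "https://EXAMPLE.my.site.com/careers"},
]
SAMPLE_INVENTORY = {
    "Partner Portal 2019": {"owner": "channel-team", "state": "retired"},
    "Support Community": {"owner": "support-ops", "state": "active"},
    "Event Microsite": {"owner": "marketing", "state": "retired"},
}

if __name__ == "__main__":
    for f in ghost_site_candidates(SAMPLE_ORG_SITES, SAMPLE_INVENTORY):
        print(f"{f.name} ({f.url}): {f.reason}")
```

Run periodically against a fresh export, every finding is a site to either record in the inventory with an owner or take through the deactivation process.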