Salesforce Company Cyber Security Posture
salesforce.com๐ We're Salesforce, the customer company.ย ย CRM + Data + AI + Trust. Privacy Statement: http://www.salesforce.com/company/privacy/
Salesforce Company Details
salesforce
78060 employees
5692039.0
511
Software Development
salesforce.com
4
SAL_2246365
In-progress
Salesforce Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
Salesforce Global Score.png)
Salesforce Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Salesforce Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Salesforce | Cyber Attack | 60 | 05/2019 | SAL215719323 | Link | ||
Rankiteo Explanation : Attack threatening the organization's existenceDescription: Salesforce's North American and European customers endured a 15-hour outage after a cyber attack. The incident came after the salesforce technology team blocked access to certain instances that contain customers affected by a database script deployment that inadvertently gave users broader data access than intended. To protect the customers, the company blocked access to all instances that contain affected customers until they could block access to orgs with the inadvertent permissions. As a result, customers who were not affected may also experienced service disruption. | |||||||
| Salesforce | Breach | 100 | 3 | 6/2025 | SAL633060625 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: A financially motivated threat actor group, UNC6040, has been targeting Salesforce customers through voice phishing (Vishing). The group impersonates IT support personnel to trick employees into granting sensitive access or sharing credentials. This campaign has resulted in the compromise of organizational data and subsequent extortion attempts, posing a significant threat to the company's security and reputation. | |||||||
Salesforce Company Subsidiaries
๐ We're Salesforce, the customer company.ย ย CRM + Data + AI + Trust. Privacy Statement: http://www.salesforce.com/company/privacy/
Access Data Using Our API
Get company history
Rapid.png)
Salesforce Cyber Security News
Hackers abuse malicious version of Salesforce tool for data theft, extortion
A threat group is using voice phishing to trick targeted organizations into sharing sensitive credentials.
George Kurtz On The Genesis Of CrowdStrike: "Salesforce Of Security"
โThe founding idea around CrowdStrike is what I call the Salesforce of security, the first cloud-based security company that created betterย ...
Companiesโ Salesforce data is latest hacker target
Suspects: The Salesforce data hacks resemble the work of a decentralized hacker group called the Com, Google said. The Com is also linked toย ...
Hackers abuse modified Salesforce app to steal data, extort companies, Google says
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized,ย ...
Salesforce tags 5 CVEs after SaaS security probe uncovers misconfig risks
Salesforce has assigned five CVE identifiers following a security report that uncovered more than 20 configuration weaknesses.
Your Salesforce Data Isnโt as Safe as You Think
Salesforce data is at risk without a proper backup plan, as the Recycle Bin isn't sufficient for recovery.
Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud
Security researchers uncover critical flaws and widespread misconfigurations in Salesforce's industry-specific CRM solutions.
Salesforce OmniStudio Vulnerabilities Exposes Sensitive Customer Data in Plain Text
A critical security flaw in Salesforce OmniStudio has been discovered that allows unauthorized access to sensitive customer informationย ...
Salesforce acquires Own Company
How important is data protection and data management these days? It's important enough that Salesforce recently announced it acquired Own Company, a leadingย ...
Salesforce Similar Companies
Shopify
Shopify is a leading global commerce company, providing trusted tools to start, grow, market, and manage a retail business of any size. Shopify makes commerce better for everyone with a platform and services that are engineered for reliability, while delivering a better shopping experience for consu
Shopee
Shopee is the leading e-commerce platform in Southeast Asia and Taiwan. It is a platform tailored for the region, providing customers with an easy, secure and fast online shopping experience through strong payment and logistical support. Shopee aims to continually enhance its platform and become th
Amazon
Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. We are driven by the excitement of building technologies, inventing products, and providing services that change lives. We embrac
Meituan
Adhering to the โRetail + Technologyโ strategy, Meituan commits to its mission that 'We help people eat better, live better'. Since its establishment in March 2010, Meituan has advanced the digital upgrading of services and goods retail on both supply and demand sides. Together with our partners we
Groupon
Groupon is an experiences marketplace that brings people more ways to get the most out of their city or wherever they may be. By enabling real-time mobile commerce across local businesses, live events and travel destinations, Groupon helps people find and discover experiencesโโbig and small, new and
Alibaba.com
The first business of Alibaba Group, Alibaba.com (www.alibaba.com) is the leading platform for global wholesale trade serving millions of buyers and suppliers around the world. Through Alibaba.com, small businesses can sell their products to companies in other countries. Sellers on Alibaba.com are t
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Salesforce CyberSecurity History Information
How many cyber incidents has Salesforce faced?
Total Incidents: According to Rankiteo, Salesforce has faced 2 incidents in the past.
What types of cybersecurity incidents have occurred at Salesforce?
Incident Types: The types of cybersecurity incidents that have occurred incidents Breach and Cyber Attack.
How does Salesforce detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through containment measures with Blocked access to affected instances and remediation measures with Blocked access to orgs with inadvertent permissions.
Incident Details
Can you provide details on each incident?
Incident : Vishing
Title: UNC6040 Vishing Campaign Targeting Salesforce Customers
Description: A financially motivated threat actor, tracked as UNC6040, is conducting a vishing campaign to compromise organizational data of Salesforce customers and carry out subsequent extortion.
Type: Vishing
Attack Vector: Telephone-based social engineering
Vulnerability Exploited: Human error and social engineering
Threat Actor: UNC6040
Motivation: Financial gain
Incident : Cyber Attack
Title: Salesforce 15-Hour Outage Due to Cyber Attack
Description: Salesforce's North American and European customers endured a 15-hour outage after a cyber attack. The incident came after the salesforce technology team blocked access to certain instances that contain customers affected by a database script deployment that inadvertently gave users broader data access than intended. To protect the customers, the company blocked access to all instances that contain affected customers until they could block access to orgs with the inadvertent permissions. As a result, customers who were not affected may also experienced service disruption.
Type: Cyber Attack
Attack Vector: Database Script Deployment
Vulnerability Exploited: Inadvertent Permissions
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Telephone-based social engineering.
Impact of the Incidents
What was the impact of each incident?
Incident : Cyber Attack SAL215719323
Systems Affected: Customer Instances
Downtime: 15 hours
Operational Impact: Service Disruption
Which entities were affected by each incident?
Incident : Vishing SAL633060625
Entity Type: Organizations
Industry: Multinational corporations
Location: English-speaking branches
Incident : Cyber Attack SAL215719323
Entity Type: Company
Industry: Technology
Location: North America, Europe
Response to the Incidents
What measures were taken in response to each incident?
Incident : Cyber Attack SAL215719323
Containment Measures: Blocked access to affected instances
Remediation Measures: Blocked access to orgs with inadvertent permissions
Data Breach Information
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Blocked access to orgs with inadvertent permissions.
How does the company handle incidents involving personally identifiable information (PII)?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through was Blocked access to affected instances.
References
Where can I find more information about each incident?
Incident : Vishing SAL633060625
Source: Google Threat Intelligence Group (GTIG)
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Google Threat Intelligence Group (GTIG).
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Vishing SAL633060625
Entry Point: Telephone-based social engineering
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?
Incident : Cyber Attack SAL215719323
Root Causes: Inadvertent Permissions
Corrective Actions: Blocked access to orgs with inadvertent permissions
What corrective actions has the company taken based on post-incident analysis?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Blocked access to orgs with inadvertent permissions.
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident was an UNC6040.
Impact of the Incidents
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was Customer Instances.
Response to the Incidents
What containment measures were taken in the most recent incident?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Blocked access to affected instances.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is Google Threat Intelligence Group (GTIG).
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Telephone-based social engineering.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
