Salesforce Under Siege: Trust Eroding Amid Cyberattacks and Potential Legal Action

In a year marked by unprecedented cyber threats, Salesforce, a leader in customer relationship management (CRM), faces a crisis of trust. Recent data breaches—affecting well-known organizations and millions of customers—have raised serious concerns about the security measures implemented by Salesforce. These vulnerabilities not only jeopardize customer data but also threaten Salesforce’s reputation, leading 14 of its clients to file lawsuits related to these attacks.

Security Breaches and Data Theft

2025 has been particularly brutal for Salesforce clients. Numerous organizations, including major brands like Cisco, Chanel, and LVMH, have reported extensive data breaches where sensitive customer information was exfiltrated, often followed by ransom demands. The FBI has even issued warnings about compromised Salesforce accounts, indicating that the vulnerabilities may stem from easily exploitable elements within Salesforce’s infrastructure.

Salesforce’s own responses to these incidents suggest that the company could have done more to safeguard its platform. The attacks not only exploited vulnerabilities but also manipulated employees through social engineering techniques—phishing schemes designed to steal credentials and multi-factor authentication tokens.

An Evolving Threat Landscape

The techniques used in these attacks have evolved, demonstrating the agility of threat actors. From initial phishing attempts to more sophisticated vishing (voice phishing) strategies, attackers are exploiting human weaknesses through social engineering. Recent reports hold organizations like Salesloft accountable for breaches that allowed attackers to gain access through compromised OAuth tokens. This highlights the need for tighter security protocols around third-party applications within the Salesforce ecosystem.

Despite Salesforce publicly asserting that no weaknesses exist in its technology, the rising number of compromised accounts raises the question: what more can be done? Experts suggest that Salesforce needs to implement advanced security measures like OAuth 2.0 DPoP or Mutual TLS, which bind a token to the client that obtained it, so that stolen tokens cannot be replayed to access customer data.

A Call for Action

The current security landscape demands more urgent and aggressive actions from Salesforce. While the company has taken steps to limit user permissions for installing third-party applications, experts argue this is merely a band-aid solution. Strengthening policies around OAuth token usage and implementing more rigorous administrative controls are vital in mitigating these risks.

As Salesforce grapples with these challenges and the potential for legal repercussions, the burden of responsibility for securing customer data must be shared with third-party applications. Companies integrating with Salesforce should be encouraged to publish IP whitelists and initiate communication about security measures with Salesforce, ensuring a collective effort toward enhanced cybersecurity.

In conclusion, as Salesforce navigates this tumultuous period, clear communication, effective risk management, and proactive cybersecurity practices will be critical in restoring client trust and safeguarding against future breaches.

For further details, read the full article on ZDNet: Battered by Cyberattacks, Salesforce Faces a Trust Problem and a Potential Class Action Lawsuit.