Salesforce.com reported earlier this week that one of its Web APIs experienced a security issue over a short window of time and that the issue has been resolved. In its report, the company noted that the company had “no evidence of malicious behavior associated with this issue.” (Disclosure: Salesforce.com recently acquired MuleSoft. MuleSoft is the parent company to ProgrammableWeb).
According to a notification issued by the company on its trust.salesforce.com website:
On July 18, we became aware of an issue that impacted a subset of Marketing Cloud customers using Marketing Cloud Email Studio and Predictive Intelligence. We resolved the issue on that same day, July 18. Customers who may have been impacted were notified.
In a more detailed disclosure, the company further elaborated the following:
During a Marketing Cloud release that was rolled out between June 4, 2018 and July 7, a code change was introduced that may have caused a small subset of REST API calls to improperly retrieve or write data from one customer’s account to another.
The Salesforce Security team became aware of the issue on July 18, 2018. An emergency release (eRelease) was deployed at 5:00 UTC on July 18, resolving the issue for all Marketing Cloud stacks. We have no evidence of malicious behavior associated with this issue.