A customer relationship management (CRM) product company Salesforce has warned customers that their information has been shared with third party account because of API error.
Salesforce aware the issue on July 18 that impacted a subset of Marketing Cloud customers using Marketing Cloud Email Studio and Predictive Intelligence.
During a Marketing Cloud release that was rolled out between June 4, 2018, and July 7, a code change was introduced that may have caused a small subset of REST API calls to improperly retrieve or write data from one customer’s account to another.
The Salesforce Security team became aware of the issue on July 18, 2018. An emergency release (eRelease) was deployed at 5:00 UTC on July 18, resolving the issue for all Marketing Cloud stacks. We have no evidence of malicious behavior associated with this issue.
Customers who may have been impacted by this issue were notified.
In the E-mail to customers, Salesforce said,
During a Marketing Cloud release between June 4, 2018, and July 7, a code change was introduced that, in rare cases, could have caused REST API calls to retrieve or write data from one customer’s account to another inadvertently,” according to the alert, a copy of which was obtained by Information Security Media Group.
“Where the issue occurred, the API call may have failed and generated an error message rather than writing or modifying data.”