Salesforce.com Security Breached. Repeatedly Hacked.
Although qualities such as transparency often seem to get minimized in Salesforce.com CRM software reviews, the company makes great claims of being an open organization. However, Salesforce.com got hacked, and the only things worse than the very large amounts of customer data stolen from the hosting software giant were the lack of timely customer notification and the completely evasive responses by Salesforce.com to its customers. The Washington Post first reported the hack against Salesforce.com and the attacks it unleashed on customers of SunTrust Banks. Then MarketWatch reported another Salesforce.com phishing scam against customer ADP (Automatic Data Processing) and other Salesforce.com customers. As first reported by the Washington Post on October 19:
"A database of e-mail addresses and other contact information stolen from business software provider Salesforce.com is being used in an ongoing series of targeted e-mail attacks against customers of several Salesforce.com business clients, including SunTrust and Automatic Data Processing Inc. (ADP), one of the nation's largest payroll and tax services providers."
The hacking incident was detected by a SunTrust customer who received a malicious e-mail in mid-September. The e-mail used the customer's name and business e-mail address and provided instructions to download a PDF that included a malware payload (presumably a trojan). The recipient then received an e-mail from SunTrust indicating a third-party database was improperly accessed. I guess that's the spin to say "our hosted CRM vendor was hacked, your data was compromised and you may now be phished by the hackers directly or whoever the hackers sell your data to." Way to be forthcoming about your customers' most sensitive data, SunTrust!
SunTrust spokesman Hugh Suhr later commented that the hacked information included the personally identifiable information (PII) of about 40,000 SunTrust customers. He said the customer list was stolen from a database held by Salesforce.com. Suhr indicated that at that point SunTrust had received about 500 customer complaints of targeted phishing e-mails, several of which succeeded against customers, and that they were aware of several thousand dollars of losses. In an apparent attempt to make somebody else look bad and somehow lessen his own inexcusability, he also indicated that the personal information for ADP customers, a different Salesforce.com customer, was also stolen from Salesforce. In fact, ADP later indicated that data related to 900,000 customer records had been breached.
In a continued showing of complete customer disregard, Salesforce.com's Bruce Francis, the company's vice president of corporate strategy, refused to acknowledge whether any customer-specific data was stolen, and refused to answer direct questions about the incidents. He did, however, say several times that "phishing is a fact of life for any company that does business on the Internet these days." I guess this is true for at least Salesforce.com.
Posted by: Jeffrey on 10.26.07
Posted in: Salesforce.com, Rants