status.salesforce.com ID# 20000224
Publié 5:58 pm CEST, Oct 02 2025 · Last updated 5:58 pm CEST, Oct 02 2025
Security Advisory: Ongoing Response to Social Engineering Threats
We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities. Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support. At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.
We understand how concerning these situations can be. Protecting customer environments and data remains our top priority, and our security teams are fully engaged to provide guidance and support. As we continue to monitor the situation, we encourage customers to remain vigilant against phishing and social engineering attempts, which remain common tactics for threat actors.
For detailed guidance, please review our blog post on protecting against social engineering (https://www.salesforce.com/blog/protect-against-social-engineering) and reach out through the Salesforce Help portal if you need support.
Publié 5:58 pm CEST, Oct 02 2025 · Last updated 5:58 pm CEST, Oct 02 2025
salesforce.com Eoghan Casey
August 27, 2025
Learn how to detect, investigate, and respond to Salesforce security incidents with logs, permissions, and backups.
A guide to investigating Salesforce security incidents with logs, permissions, and backups to strengthen response and resilience.
I am increasingly asked by customers how to investigate potential security incidents in their Salesforce environments. Common questions are: What did a specific user do during that time? and What data was impacted? Every organization and incident is unique, and the answer to these questions depends on the specific situation, but there is some general guidance I can provide.
Three key sources of information for investigating a security incident in Salesforce environments are activity logs, user permissions, and backup data.
