Recent Salesforce Data Breaches: What Your Organization Needs to Know

In recent weeks, several organizations have reported data breaches connected to malicious use of Salesforce connected apps. These incidents did not stem from vulnerabilities within the Salesforce platform itself, but from attackers using social engineering to trick employees into authorizing connected applications that the organization had never approved.

Once access is granted, these apps can interact with Salesforce data through OAuth permissions — making them a serious security risk if left unmonitored.

To address this, Salesforce is introducing new controls, including:

  • Restricting Uninstalled Connected App Usage
    A new permission, “Approve Uninstalled Connected Apps,” ensures that only designated users can self-authorize uninstalled connected apps.

  • Enhancements to API Access Control
    Admins can now require the “Use Any API Client” permission when API access control is enabled, helping organizations block unauthorized applications by default.

What Your Organization Should Do Now

  1. Audit Connected Apps – Regularly review all connected apps in your Salesforce environment. Remove unused ones and restrict access with permission sets or profiles.

  2. Enable API Access Control – Block unknown connected apps by default and explicitly whitelist approved ones.

  3. Update User Permissions – Ensure only trusted administrators or developers can authorize new apps.

  4. Educate Teams – Provide awareness training so employees know not to approve unexpected app authorization requests.
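As an added example for the audit step above (this is not Cloud Scrums' or Salesforce's own tooling), the script below reviews connected-app authorizations from records exported out of an org. It assumes you have already run two SOQL queries, for example through the REST API or the Salesforce CLI, against the standard ConnectedApplication and OauthToken objects, and it assumes your organization keeps an allow-list of approved app names (APPROVED_APPS here is hypothetical). The records embedded in the block are constructed sample data in the same shape as those query results. It flags three things the steps call for: installed apps that any user may self-authorize, tokens issued to apps that are not on the allow-list or are not installed in the org at all, and grants that have not been used for a long time.

```python
"""Audit Salesforce connected-app authorizations from exported query results.

Added example, not the page's own code. Assumes you have saved the records
returned by these two SOQL queries (field names as on the standard objects):

  SELECT Id, Name, OptionsAllowAdminApprovedUsersOnly FROM ConnectedApplication
  SELECT AppName, UserId, LastUsedDate, UseCount FROM OauthToken
"""
from datetime import datetime, timedelta, timezone

# Constructed sample: rows shaped like ConnectedApplication records.
SAMPLE_APPS = [
    {"Id": "0H4EXAMPLE000001", "Name": "Data Loader",
     "OptionsAllowAdminApprovedUsersOnly": True},
    {"Id": "0H4EXAMPLE000002", "Name": "Sales Sync Helper",
     "OptionsAllowAdminApprovedUsersOnly": False},
]

# Constructed sample: rows shaped like OauthToken records. "Quick Export Tool"
# has no ConnectedApplication row: a user granted a token to an app that was
# never installed in the org (the "uninstalled connected app" case).
SAMPLE_TOKENS = [
    {"AppName": "Data Loader", "UserId": "005EXAMPLE000001",
     "LastUsedDate": "2024-05-01T10:00:00.000+0000", "UseCount": 340},
    {"AppName": "Sales Sync Helper", "UserId": "005EXAMPLE000002",
     "LastUsedDate": "2023-11-02T09:30:00.000+0000", "UseCount": 2},
    {"AppName": "Quick Export Tool", "UserId": "005EXAMPLE000003",
     "LastUsedDate": "2024-05-20T08:15:00.000+0000", "UseCount": 57},
]

# Hypothetical allow-list maintained by the organization out of band.
APPROVED_APPS = {"Data Loader"}

# Fixed "current time" so the sample run is reproducible.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def parse_sf_datetime(value):
    """Parse the ISO 8601 form Salesforce returns (offset without a colon)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def audit_connected_apps(apps, tokens, approved, now, stale_days=90):
    """Return a list of (severity, app_name, detail) findings."""
    findings = []
    installed = {app["Name"] for app in apps}

    # 1. Installed apps that any user can self-authorize should be switched to
    #    "Admin approved users are pre-authorized" so only designated
    #    profiles or permission sets can use them.
    for app in apps:
        if not app["OptionsAllowAdminApprovedUsersOnly"]:
            findings.append(("HIGH", app["Name"],
                             "users can self-authorize; restrict to admin-approved users"))

    # 2. Tokens for apps that are uninstalled or not on the allow-list.
    reported = set()
    for tok in tokens:
        name = tok["AppName"]
        if name not in reported:
            if name not in installed:
                findings.append(("HIGH", name,
                                 f"OAuth token exists for an uninstalled app (user {tok['UserId']})"))
            elif name not in approved:
                findings.append(("MEDIUM", name, "installed but not on the approved list"))
            reported.add(name)

        # 3. Grants nobody has used for a long time are attack surface with
        #    no business purpose; revoke them.
        age = now - parse_sf_datetime(tok["LastUsedDate"])
        if age > timedelta(days=stale_days):
            findings.append(("LOW", name,
                             f"token for user {tok['UserId']} unused for {age.days} days; revoke"))
    return findings


def run_sample():
    """Run the audit over the constructed sample records."""
    return audit_connected_apps(SAMPLE_APPS, SAMPLE_TOKENS, APPROVED_APPS, SAMPLE_NOW)


if __name__ == "__main__":
    for severity, app_name, detail in run_sample():
        print(f"[{severity}] {app_name}: {detail}")
```

Against a live org, replace the sample lists with the query results and review the HIGH findings first: a token for an app with no ConnectedApplication row is exactly the self-authorized, uninstalled app the new "Approve Uninstalled Connected Apps" permission is designed to prevent, and revoking the token removes that app's access immediately.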

At Cloud Scrums, we help organizations strengthen Salesforce security by auditing connected apps, optimizing user permissions, and implementing governance best practices. If you’d like an expert assessment of your Salesforce environment, we’d be happy to help.