// #data-exposure
2 articles
Salesforce Marketing Cloud Server-Side Template Injection Exposed Entire Customer Contact Database
SL Cyber researchers have disclosed five patched vulnerabilities in Salesforce Marketing Cloud (ExactTarget), the most critical of which — a server-side template injection flaw — allowed an authenticated marketing user to exfiltrate the complete contacts database and historical email campaign content of any Salesforce Marketing Cloud instance. The vulnerabilities were patched by Salesforce; organisations should verify which contact data and historical communications were accessible to marketing team members.
Booking.com Breach Exposes Reservation Data — Phishing Wave Follows
Booking.com has disclosed unauthorised access to customer reservation data including names, contact details, and booking information. No payment data was taken, but the exposed reservation details create a high-quality dataset for targeted travel-themed phishing campaigns. Reservation PINs have been reset across affected bookings.