Trust

Salesforce Trust

Security Advisories

Salesforce is committed to setting the standard in software-as-a-service as an effective partner in customer security.

 

Recent Security Advisories

From time to time it is important we notify customers with security advisories related to the Salesforce platform or subsidiaries. We will publish security advisories below.

Date
Type
Subject
Nature of Attack
Service Provider Vulnerability
Cloudflare Vulnerability
Cloudflare, an embedded content delivery network and internet security services provider, disclosed a security vulnerability in their edge servers, which could expose information such as HTTP cookies, authentication tokens, and HTTP POST bodies.
Email Scam
Your SSL Certificate has expired
Email that provides a link to download a file that contains malicious software.
Email Scam
Your SSL Certificate has expired
Email that provides a link to download a file that contains malicious software.
Email Scam
EMAIL BLACKLISTED...
Email containing links to phishing sites purporting to be salesforce.com.

For security-related questions, information, or reporting, contact security by emailing security@salesforce.com.

Contact Security

Security Notifications

Security notifications provide information about security-related issues involving the Salesforce platform or a specific customer instance.

Security Advisory
This type of notification is available for all Salesforce end users. These are broadly distributed security notifications about a security issue relevant to all Salesforce customers. Notification options include Email.

Security Alerts
This type of notification is only available to admins of Salesforce orgs. These are security notifications about possible suspicious activity involving a specific customer’s Salesforce instance that require further investigation by your organization. Notification options include email.

Security Incident
This type of notification is only available to admins of Salesforce orgs. These are security notifications about a confirmed or reasonably suspected breach of data hosted on Salesforce. Notification options include phone and email.