Watch out! The Salesforce Industry Cloud may be putting many businesses at risk!
CSOnline.com reported that “Salesforce Industry Cloud customers can easily misconfigure their deployments to enable attackers to access encrypted customer information, session data, credentials, and business logic, security researchers have found. The Salesforce Industry Cloud suite of vertical-aligned solutions includes a low-code platform that provides pre-built digital transformation tools for specific industries, such as financial services and manufacturing.” The June 16, 2025 article entitled “Salesforce Industry Cloud riddled with configuration risks” (https://www.csoonline.com/article/4006341/salesforce-industry-cloud-riddled-with-configuration-risks.html) included these comments from “Aaron Costello, chief of SaaS security research at AppOmni, in a report that identified 20 misconfiguration risks associated with Salesforce Industry Cloud’s OmniStudio low-code offering”:
Aimed at non-developers, low-code tools can allow “non-technical users to build logic that touches critical systems and sensitive customer and internal data.”
“But this empowerment can come at a cost with respect to security, drastically increasing the risk of misconfigurations by customers,” Costello noted. “This combination of flexibility and implicit trust means that a customer misconfiguring one component, or overlooking one setting, can lead to system-wide data exposure.”
Better watch out!