10/10/25 - Security Advisory on Developer Portal
Recently Salesforce was impacted by a hacker attack on one of their partners.
Given the news that the same hacking group is making additional ransom demands of Salesforce, with continued threats to hack more Salesforce partners, we are asking our partners to exercise an abundance of caution in securing their API integrations to Outreach and monitoring them for any potential risk.
Actions to take:
- Ensure your application operates with the least privilege possible to achieve its goals. Do not request permissions beyond what is necessary for functionality, as they could be leveraged by an attacker.
- Watch for anomalies in your application logs, such as unusual volumes of traffic, improper API requests, or requests made outside of business hours or from unusual locations or IP ranges. Set up automated monitoring and alerting for these types of events.
- Ensure your application enforces rate limiting and authorization checks at the API level. Do not rely on user-interface-based protections, as attackers may call the underlying APIs directly.
- If your application integrates with or connects directly to Salesforce, review your use of Salesforce OAuth tokens to ensure they are properly protected and operate with the least privilege possible.
- Include your application's public API and integration points in any security or penetration tests you perform.
- Be vigilant for phishing, vishing, and social engineering attacks. While this threat actor has carried out technical attacks against APIs, they have most frequently compromised companies via social engineering, deceiving employees into granting them access.
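
As an illustration of the automated log monitoring asked for above, the following added example (not Outreach's code) scans API access logs for the four signals named in that item: unusual volume, improper requests, off-hours requests, and unexpected source addresses. The log format, thresholds, client names, paths and address ranges are all assumptions to replace with your own baseline.

```python
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed baseline for one integration (all values are placeholders to tune).
EXPECTED_NETS = [ip_network("203.0.113.0/24")]  # documentation range
BUSINESS_HOURS = range(8, 18)                    # 08:00-17:59, timestamps in UTC
MAX_PER_MINUTE = 3                               # requests per client per minute
MAX_REJECTED = 2                                 # rejected requests per client
REJECTED = {400, 401, 403, 404}

def find_anomalies(lines):
    """Return sorted (client_id, reason) alerts for 'ts client ip method path status' lines."""
    alerts, per_minute, rejected = set(), Counter(), Counter()
    for line in lines:
        try:
            ts, client, ip, _method, _path, status = line.split()
            ts, ip, status = datetime.fromisoformat(ts), ip_address(ip), int(status)
        except ValueError:
            alerts.add(("-", "unparseable log line"))
            continue
        if ts.hour not in BUSINESS_HOURS or ts.weekday() >= 5:
            alerts.add((client, "request outside business hours"))
        if not any(ip in net for net in EXPECTED_NETS):
            alerts.add((client, f"request from unexpected address {ip}"))
        per_minute[(client, ts.replace(second=0, microsecond=0))] += 1
        if status in REJECTED:
            rejected[client] += 1
    for (client, _minute), n in per_minute.items():
        if n > MAX_PER_MINUTE:
            alerts.add((client, "request volume above per-minute baseline"))
    for client, n in rejected.items():
        if n > MAX_REJECTED:
            alerts.add((client, "repeated rejected API requests"))
    return sorted(alerts)

# Constructed sample log lines (not real traffic; paths are hypothetical).
SAMPLE = [
    "2025-10-08T09:15:01 app-a 203.0.113.10 GET /example/records 200",
    "2025-10-08T02:03:00 app-b 198.51.100.7 GET /example/records 200",
    "2025-10-08T10:00:01 app-c 203.0.113.44 GET /example/users 403",
    "2025-10-08T10:00:02 app-c 203.0.113.44 GET /example/users 403",
    "2025-10-08T10:00:03 app-c 203.0.113.44 GET /example/users 403",
    "2025-10-08T10:00:04 app-c 203.0.113.44 GET /example/users 200",
]

if __name__ == "__main__":
    for client, reason in find_anomalies(SAMPLE):
        print(client, reason)
```

In production the returned alerts would feed whatever paging or ticketing channel your team already watches, rather than being printed.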