Obsidian Security incident

Subset of Salesforce posture rule unexpectedly changed to passing

Severity: Minor. Status: Resolved.

Obsidian Security experienced a minor incident on August 28, 2025 affecting Posture Management, lasting 6h 59m. The incident has been resolved; the full update timeline is below.

Started: Aug 28, 2025, 04:06 PM UTC
Resolved: Aug 28, 2025, 11:05 PM UTC
Duration: 6h 59m
Detected by Pingoru: Aug 28, 2025, 04:06 PM UTC

Affected components

Posture Management

Update timeline

  1. identified Aug 28, 2025, 04:06 PM UTC

    We have identified an issue impacting a subset of Salesforce posture rules. Impacted customers may find that the rule IDs noted below will have unexpectedly moved from a failing to passing state. In the course of addressing the underlying cause, and rules being reverted to their proper state, posture drift alerts may be received.

    Environments Impacted: US, EU, AU

    - SalesforceInactivePrivilegedAccounts
    - SalesforceSystemAdmins
    - SalesforcePrivilegedUsersFromLowReputationDomains
    - SalesforceGhostAdmins
    - SalesforceUsersWithCreatePublicLinks
    - SalesforceWeakerProfilePasswordSettings
    - SalesforceExternalUserObjectAccess
    - SalesforceUsersWaivedMFA
    - SalesforceGuestUserObjectAccess
    - SalesforceUsersNoMFA
    - SalesforceIntegrationUsersWithSysAdminProfile
    - SalesforceRiskyGuestUsers
    - SalesforceFieldLevelAccessForEncryptedData
    - SalesforceWeakerProfileSessionSettings
    - SalesforceFieldLevelAccessForComplianceData
    - SalesforceAppsExcessivePermissions

    Additional updates will be provided via this posting as our investigation progresses and the issue is mitigated.

  2. resolved Aug 28, 2025, 11:05 PM UTC

    The issue has been resolved and impacted Salesforce posture rules now reflect the correct status. We appreciate your patience and understanding during this time, and if you experience any further issues, please do not hesitate to reach out.