Forensics · Case Nº I / MMXXVI
Investigation into suspected unauthorised access to a client Salesforce environment during a sensitive commercial period. We traced the access event to an existing OAuth integration, assessed exfiltration risk under the available logging, and delivered findings suitable for both legal interpretation and commercial due diligence.
Outcome
Reclassified the event from presumed breach to persistent authorised-integration access. Recommendations to revoke long-lived OAuth tokens, enable Event Monitoring, and introduce governance for third-party integrations.
Stack