> The instance was used to store contact information and related notes for small and medium businesses. Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.
jedc · 1h ago
"store contact information and related notes for small and medium businesses"
Most likely translation: it affected the Google SMB sales team's Salesforce instance
sugarpimpdorsey · 1h ago
> Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off.
That's a pretty nonchalant way to say "they totally stole stuff before we knew what was going on or could stop them".
trhway · 39m ago
On the other side, given how slow and cumbersome data extraction from enterprise software is, maybe they are saying that the hackers also didn't get that much and far.
lesuorac · 1h ago
> The data retrieved by the threat actor was confined to basic and largely publicly available business information
Which is to say, they took public _and_ private data and the private data is something we don't wish to publicly admit so probably not good.
nitwit005 · 1h ago
This is generally what people try to steal out of Salesforce. I doubt it's as innocuous as that makes it sound, as they wouldn't bother if they couldn't make money off of it. I assume there is some secondary scheme, like fraudulent billing.
coredog64 · 1m ago
Having seen the AWS version of this type of data store, it's typically got information like billing account numbers, internal email addresses of stakeholders, customer notes about NDA'd strategy, and lists of bugs/feature requests the customer is interested in.
Could totally see someone sending a message like "Hey, your TAM asked me to talk to you about $IMPORTANT_FEATURE_REQUEST, can you grant me read access in the account where you're developing $UPCOMING_SECRET_PROJECT so I can get some additional color?" It might even be enough to get someone on a conference call and pump them for MNPI about $UPCOMING_SECRET_PROJECT under the guise of ensuring that the feature request is helpful.
gundmc · 33m ago
Yeah, perhaps sending fake invoices to customers? There's a lot of precedent for that:
Surprised Google didn't have some internally developed alternative.
progbits · 4h ago
From my experience with sales/PM people at google, they refuse to use internal tools and try to get Jira and other shit installed. Regardless of the tool quality, just because that's what they learned already.
This mostly didn't work out for them back in the day but in more recent times as more and more low quality middle level managers and execs get hired they manage to get approvals.
In my org a new VP demanded Jira instance within a month of joining the company and that it be used for technical project reporting.
Of course all the developers said fuck no to that so for a while some managers were trying to do two way sync between Jira and Buganizer. When I left it was mostly abandoned and full of tumbleweed...
kwanbix · 2h ago
Jira's rise to power is one of those things I would never understand. Such a horribly designed tool. Today it is much better, yes, but it is so over-engineered and at the same time lacks so many things.
Agingcoder · 2h ago
The first time I used it around 2007 I thought it was great. It was basic, but did everything that I wanted (I didn’t care about the project management that maybe didn’t even exist back then, I don’t remember).
I think that it’s been diverted from its original purpose, and is now indeed horribly complicated since it’s supposed to be all in one package.
I’ve also noted that in large companies the quality of the product for end users, as long as it’s not a massive drag on productivity or on recruitment and is not core business, is irrelevant and that other factors are more important (costs, contracts, easy to install, integrate and maintain, quality of support, breadth of use within the company etc). This makes Atlassian a natural superpower.
mbreese · 2h ago
Early 2000s Jira was great because it wasn’t Bugzilla. Bugzilla was functional, but that was about it.
SoftTalker · 1h ago
Bugzilla was great....
asah · 2h ago
Jira was the first tool to truly support bulk search/edit of issues, i.e. it scaled where everything else fell over with >250 issues...
lenkite · 1h ago
Jira may be over-engineered, but I don't think it lacks anything. You can always get a plugin if something is missing. Our corpo Jira crawled because of a stupendous amount of plugins (close to a thousand). Once we had a Jira clean-up operation done, it became magically fast.
kbelder · 1m ago
Plugins can fix every problem, except the problem of too many plugins.
npongratz · 37m ago
> You can always get a plugin if something is missing.
To my great consternation, I have not found this to be true in the cloud version:
Special thanks to Matt Lachman for keeping up the good fight every (business) day.
lenkite · 22m ago
Huh - that seems a very basic missing feature in the cloud version. We use bog-standard self-hosted JIRA and markdown editing is basic working functionality. People also add mermaid diagrams/charts to the issue. As well as custom diagram plugins, excel sheets and a whole gamut of documents.
0xbadcafebee · 1h ago
Replace Jira with Microsoft and this is the same complaint from the 90's/2000's about a business company that delivers features rather than making nerds happy. Nobody likes it, yet everybody uses it.
crinkly · 2h ago
PM like it because they can break it until it fits their worldview. I've worked at 3 orgs in a row where the JIRA was a complete fucking broken mess because the process in it didn't match reality but someone thought it did.
Terr_ · 38m ago
Yeah, my cynical experience with B2B business software is that it becomes shitty and encrusted via special-case customizations (or worse, customizability.)
Even for internal projects, a lot of money is thrown at software because the corporation has decided (rightly or wrongly) that it's easier than changing process, culture, personnel, or internal incentives.
For example, salespeople on commission were closing not-very-profitable deals. The response was to layer in a complicated project feasibility/profitability estimation logic, configuration features for an "approval" org-chart hierarchy between users, and various new triggers to block the workflow at particular steps and e-mail people to come click an approval button... I still feel it would have (should have?) been better to change how the sales commissions worked.
bombcar · 1h ago
This is exactly it - it's "Enterprise" so you can (pretty easily, to be honest) make it fit your workflow.
The problem is that the workflow you officially have and wish you used is almost never the actual workflow, so it becomes horribly confused and insane.
grumple · 2h ago
I think it's fundamentally easy to use once you get it set up, it's just absolute madness in terms of configuration. But you can easily manage a backlog, sprints, update tickets, etc, plus they have a query language (JQL) that you can use to make widgets that are useful (although many of those should just be defaults). It's got a lot of flexibility in terms of required fields, forms, workflows, etc.
infamouscow · 2h ago
It's very easy to understand, developers just refuse to accept it for undermining their strongly held beliefs regarding success in the software industry.
It's true you need working software, but without sales and operations doing their part, the software will be scrapped when the company folds.
Sales and operations get away with everything because they're the beating heart of any successful organization.
dilyevsky · 2h ago
They also know how to pull strings and engineers generally don't
bayindirh · 1h ago
Yes, Jira is powerful, flexible and allows tons of stuff to be done. It can really store tons of data, accept workflows, etc.
But that thing is slow as a snail. Even if it's an on-prem installation. I want nimble tools.
I know it's a very unpopular opinion, but I'll take a fast Redmine over a slow Jira all day, every day.
P.S.: Another slow tool like this is OpenStack. Every CLI command, every web UI click means a ping-pong of 20 REST requests. At least, when it works, it works, which is 100% of the time if it's configured correctly.
sciurus · 1h ago
I saw a similar pattern when I worked at Mozilla. We had bugzilla and jira, mediawiki and confluence, irc/matrix and slack, the list goes on...
Bugzilla is a Mozilla product so you’d hope they’d use it themselves (it’s often referred to as “dogfooding”). But Jira is everywhere so I’m sure some project managers argued that it was needed.
And once you have Jira then the same people push for Confluence too. But MediaWiki was the de facto standard before everyone jumped on proprietary solutions like Confluence and Notion. In fact I seem to recall that very early versions of Confluence were just a 3rd party Wiki that Atlassian bought. Or at least there was a Java-based Wiki in their early portfolio.
You also have to bear in mind that organising docs is an endless and thankless job which nobody wants to do. So these things tend to multiply like vermin once someone starts creating docs on another platform. One startup I worked for somehow managed to have stuff scattered between Confluence, Notion and Google Docs despite only employing 50 people. It was crazy.
Another client I recently worked for had Sharepoint, Notion and Confluence as their official tools for documentation.
As for IRC and Slack, every company I’ve worked at in the last 5 years had two of either MS Teams, Zoom or Slack. Literally every company. And that’s in addition to email. Go back further and there was Skype, WebEx, and so on and so forth too.
It’s almost a meme these days to hear the sentence “how would you prefer to be contacted” because so many solutions are competing against each other with overlapping functionality.
Then you have developer-focused tools like GitHub with their own docs and issue tracking too
At this point in time, it’s easier to just accept that each org is going to end up with multiple overlapping solutions because you’ll get new people join the team and they’ll want to use their preferred tool because that’s what they’re productive in and so the spiral continues.
So if Mozilla managed to keep the options down to just 2 for each product category, then I’d say they were doing better than most other organisations.
Wonnk13 · 37m ago
Man I miss Buganizer... Even in 2017 Google was starting to smell like Accenture and Oracle. Glad I left before Jira was shoved down my throat.
lenerdenator · 3h ago
> From my experience with sales/PM people at google, they refuse to use internal tools and try to get Jira and other shit installed. Regardless of the tool quality, just because that's what they learned already.
That's when you're supposed to pull the smooth-talking people that are usually in those roles and ask them a very simple question:
"Do you want this tool more than you want to be employed?"
geodel · 1h ago
I think software developers' high pay and relatively consequence free existence have given them a bit of thought leader quality in domains beyond their expertise. But it is not going to be the case for a lot of developers soon. So pulling things like
> "Do you want this tool more than you want to be employed?"
will be harmful to wellbeing of developers rather than sales guys.
lenerdenator · 1h ago
> I think software developers' high pay and relatively consequence free existence have given them a bit of thought leader quality in domains beyond their expertise.
Just wait until you hear what salespeople get up to and what they make off of it.
closewith · 3h ago
Good software salespeople are much rarer than good developers, so it's likely that conversation would be had with the other parties.
lenerdenator · 1h ago
From what I have experienced, "good" software salespeople are the ones telling clients lies to seal the deal, that then fall back on the software engineers to fulfill in unreasonable amounts of time that compromise the entire project. I wouldn't call the ability to lie a rare trait.
closewith · 10m ago
From a management perspective, that sounds like:
* Inspiring client confidence and enthusiasm in our solutions
* Motivating engineering teams to tackle ambitious challenges
* Delivering high-impact results within accelerated timelines
Maybe if the devs hadn't been slacking beforehand, they wouldn't have had to rush to catch up.
sigmoid10 · 2h ago
Only if you apply a lower standard for "good" software developers.
closewith · 2h ago
You could limit your definition of good to the 99th percentile and it would still be true.
datadrivenangel · 2h ago
And they're better at selling!
Rebelgecko · 3h ago
Google has been replacing a lot of internal tools with janky cookie cutter Salesforce stuff. Part of the culture change I guess.
QuercusMax · 2h ago
My experience was that a lot of internal tools were tremendously janky. The awful system used for filling out compliance questionnaires for audit often had 10+ second UI latency when saving text fields. The perf tools often broke right when everyone had to use them all at the same time.
I don't know if they ever built a proper replacement, but for at least half a decade the Baggins Roster UI (internal backend for things like Google Groups and such) appeared to have been an abandoned summer intern project.
paxys · 1h ago
Custom internal tools at such companies are mostly restricted to the engineering org. Employees in sales, marketing, accounting etc. prefer to stick with the industry standard.
johannes1234321 · 3h ago
As long as they don't aim to make it a product developing a CRM is too expensive. Especially if one wants to include country specific requirements etc. Also training users on a custom software costs money and many people working in roles requiring CRM usage rotate relatively fast.
And for making it a product: It's a quite competitive market, with Salesforce, SAP, Google, Microsoft, ... and it doesn't fit Google's "you're on your own" approach, but requires consulting and integration services, as introducing a CRM to a company involves analysing the existing processes and then adapting processes to software capabilities and adapting software to processes. (Which both often fail ...)
matchagaucho · 53m ago
A few board members have Google/Salesforce connections. They partner on a lot of tech and markets.
> In June, Google warned that a threat actor they classify as 'UNC6040' is targeting companies' employees in voice phishing (vishing) social engineering attacks to breach Salesforce instances and download customer data
> [...]
> In June, one of Google's corporate Salesforce instances was impacted by similar UNC6040 activity described in this post
Nope. Good old-fashioned social engineering.
wferrell · 3h ago
They had an internal CRM. It was buggy, missing key features and engineers didn’t really want to work on it.
hnthrow90348765 · 3h ago
If I had jumped through Google's hiring hoops, I wouldn't either. Of course, this could be solved with money.
mrweasel · 2h ago
Oh, so I wonder if that's also how KLM lost my data.
grumple · 1h ago
I'm surprised, mostly because Google seems to have basically no salespeople, account reps, or customer management.
geodel · 1h ago
Google has ~40K people in sales and marketing. Likely they didn't assign any to your account.
shadowgovt · 4h ago
I'm modestly surprised to learn Google was using Salesforce internally at all; the NIH runs deep with that company (they even have their own bugtracker because every other option just wouldn't cut it).
On the other hand, the past decade-ish has seen them grow very rapidly via acquisition, so perhaps this DB was grandfathered in via an acquired company and hadn't yet been replaced by anything internal.
(For Salesforce in particular though, I'd be willing to believe Google doesn't have an in-house alternative... People asked for a Salesforce-like in Google Workspace for years and the company had no interest. I have a hunch that most Googlers find the idea of creating a new CRM to be a profoundly boring intellectual exercise).
eitally · 3h ago
Fwiw, I was hired by Google in 2015 to help answer questions like "if Google were to add a CRM to the GSuite portfolio, should they build one, buy one or partner with key players". My team's charter was to create business cases with various options and run them up the chain (at the time, Prabhakar was running product for "Google for Work"). On more than one occasion we presented cases with 3 year ROIs in the $xxxM range and were shot down every time with a "too small" comment. A couple years later, Google had partnered with Copper CRM and supported extension builds into Workspace/GSuite, but had also begun a major enterprise rationalization project to consolidate a multitude of Salesforce instances into a single one, at the same time as adopting standard enterprise features & processes of Anaplan.
This led to consolidation of a number of back office IT teams that ultimately ended up with far more enforcement clout than they'd historically had. By the time Ruth changed roles, most of the "normal" business processes had been fairly standardized. Fwiw, the Cloud instance of SFDC, which is by far the most complex & customized, has been in full use for almost five years now and is the canonical source of truth for sales data.
coredog64 · 3h ago
I'm surprised Google could get away with only a single SFDC instance. AWS has multiple SFDC installations and is forever having to deal with "Oh, yeah, that data is in this other SFDC installation"
ssk42 · 14m ago
Yeah, they have the world class Salesforce engineers there. One of Google's Salesforce's last tech leads wound up becoming the Director of the proprietary Salesforce language Apex.
shadowgovt · 3h ago
I wonder if the Cloud SFDC is the one that was compromised. It's a little telling Google didn't go into details about which arm of the octopus got attacked (or if they did, I didn't see that reporting yet... Unless Cloud is the implied victim because the description of the attack showed up on the Cloud blog).
I feel you about the ROI. In hindsight, it's a little funny to me that Salesforce is doing revenue numbers a little under half of Google Cloud; you'd think that would be large enough value to get Google interested in biting into that pie.
loeg · 3h ago
> they even have their own bugtracker because every other option just wouldn't cut it
Of all the things to NIH, this is one of the most defensible -- lots of bugtracker options just aren't very good.
cjpearson · 1h ago
I've generally not had an interest in working for one of the big tech companies, but the opportunity to escape JIRA is tempting.
dilyevsky · 3h ago
iirc google cloud’s entire support ticket system is built on top of sf - it went down when salesforce had an outage a few years back
bpodgursky · 4h ago
Salespeople are VERY familiar with Salesforce and are not very technical. Probably significantly increases onboarding and training time to have a weird new tool.
Easy to hire experienced salespeople and have them hit the ground fast if they use standard Salesforce conversion flows.
bombcar · 1h ago
It still amazes me that Salesforce, which is good, mind you, is still basically just Microsoft Access as a Service, and yet here we are.
mc32 · 4h ago
Google uses lots of non-Google solutions for many things —just imagine all the facilities stuff. But so does any software company, including Microsoft and Amazon.
That said, you can hire people for any purpose (specific roles) and you can build what you want. It’s more a question of whether it’s worth it to build such solutions, after all you have a main line of business to tend to. That’s to say even Google and Apple have so-called “boring” roles and there are lots of people who don’t see it that way and want to work doing those things.
progbits · 3h ago
Actually a lot of the facilities stuff is inhouse too - floor plans (not just the seat map but actual floor drawings that include physical infrastructure); the ticketing system for maintenance; work hour tracking for contractors; probably a lot more that I'm forgetting.
But yes your point stands, sometimes it just makes more sense to use an existing product.
eitally · 3h ago
The floor plan tool isn't really in house. It's just an extension of the industry standard real estate management platform they use, Tririga (https://www.ibm.com/products/tririga) ... in the same way that go/teams is just a custom visualization of a standard employee directory.
You might be surprised how much of what runs Google (Anaplan, for example, for XWS) is fairly industry standard.
shadowgovt · 4h ago
Given the low expected profit margin, a CRM solution at Google would likely come from a 20% project (or rather, the equivalent thing these days since last I checked 20% is basically dead as a formal concept). Nobody expected GMail to blow up the way it did, for example; it happened because some Googlers decided they could probably do a web-client-fronted mail client with a Google search engine attached to it and if they did it'd be really cool.
But even with their, what, 180,000 people these days, I think it's entirely possible nobody is as excited about CRM as Paul Buchheit was about email services.
> The attackers impersonate IT support personnel, requesting the target employee accept a connection to Salesforce Data Loader, a client application...
"The application supports OAuth and allows for direct "app" integration via the "connected apps" functionality in Salesforce," explain the researchers.
"Threat actors abuse this by persuading a victim over the phone to open the Salesforce connect setup page and enter a "connection code," thereby linking the actor-controlled Data Loader to the victim's environment.
... app is used to export data stored in Salesforce instances and then used the access to move laterally through connected platforms such as Okta, Microsoft 365, and Workplace.
Accessing these additional cloud platforms allows the threat actors to access more sensitive information stored on those platforms, including sensitive communications, authorization tokens, documents, and more.
https://krebsonsecurity.com/2025/07/phishers-target-aviation...
To my great consternation, I have not found this to be true in the cloud version:
https://jira.atlassian.com/browse/JRACLOUD-72631
I just checked and https://github.com/mozilla/jira-bugzilla-integration is alive and well.
Uh, it's the users that suffer.
You Suffer https://www.youtube.com/watch?v=_-ywSPWu3K8