Sad state of Salestech security

Every company relies on sales and marketing SaaS to increase sales.

This is something everyone can imagine.

But let me tell you about the dark side of it.

Email access

All those CRMs only work well when integrated with your company's email system.

So even emails that were never meant to reach the CRM SaaS end up there.

Not only that: to let the vendor send emails on your behalf, you usually have to enable 'less secure' apps, on Google Workspace for example.

Session hijacking

To automate social network actions, e.g., sending LinkedIn messages, SaaS companies try to minimize the chances of being caught.

Do you know the most reliable way to do that?

Yes, by asking for your current session ID.

Instead of allowing automation with a clear boundary, social networks push vendors to the point of asking for your session ID.

Supply Chain Risk

If you hack these vendors, the damage can be substantial.

  • Hacking a CRM company is pretty much the same as hacking the email server.
  • Hacking an Automation SaaS is pretty much the same as an Account Takeover.
