Einstein’s Wormhole Exposes Salesforce Calendars to Potential Hackers

By Supriyo Chatterji / November 3, 2021

Salesforce Communities and Einstein Activity Capture (EAC) can lead to a compromise of the administrator’s Outlook or Google calendar through a bug the Varonis research team discovered, naming it Einstein’s Wormhole. Calendars used by admins may contain highly sensitive information, including attendee names and emails, file attachments, meeting URLs and passwords, agendas, and email replies.

The issue has been reported to the Salesforce team and they have fixed it as of August 19, so if your Salesforce Community was created prior to this date, you must remediate exposed calendar events.

The EAC is used to sync emails and calendar events between Microsoft Exchange, Google accounts, and Salesforce. If a user leaves access open with a meeting link, hackers could gain passwords and infiltrate a meeting without being noticed.

source: Varonis

Short of getting the latest upgrade, the most effective way of securing against the Einstein Wormhole bug is to change your guest ID parameters. First, you must replace your guest user’s email with something like "test[@]" or "guest[@]" After that, remove all confidential information accessible via the guest account.

source: Varonis

You can do this via the Development Console option in your Salesforce app and access the “Execute Anonymous Window.” Next, “Execute” the code above to change the email address used by guests.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari