Salesforce.com Buys CrispyNews, Fends Off Phishers

Yup, they bought CrispyNews

...almost a year ago. A few bloggers noted that CrispyNews URLs now redirect to Salesforce.com. Turns out Salesforce.com quietly bought the start-up's technology assets way back in January, a fact never disclosed in its financial filings because the purchase price wasn't large enough to rate as a material transaction.

CrispyNews got attention for its "roll-your-own-Digg" technology for creating customized news feed sites centered around particular issues or topics. What intrigued Salesforce.com, though, was CrispyIdeas, a spin-off that allowed users to suggest and vote on product suggestions and other corporate feedback. Salesforce.com adopted the technology as the basis for its own Salesforce Ideas site, which it uses both internally and externally to solicit suggestions from customers and employees.

Salesforce has already begun leveraging its new technology as a product offering: Dell's IdeaStorm site, which famously convinced Dell to offer preinstalled Linux PCs, is built on the Salesforce Ideas platform. Later this year, the company will roll out pricing and product packaging to make the Ideas platform available to any other companies or solutions developers that want to build around it, according to Bruce Francis, Salesforce.com's vice president of corporate strategy.

Like eBay, Salesfoce.com is vulnerable to phishing

Payroll services firm ADP put out a warning last month about a phishing scam targeting its clients. The terse note explained: "The initial attack was made on a third-party 'business contact' information system that ADP uses to hold client and other third party information, including names, addresses, email addresses, and other generally available company information. It has been determined that the stolen email contact information in this database is being used to notify clients and others with the 'from' address spoofed to look like a valid ADP email address."

Multiple sources, including the Washington Post, now say that third-party database was Salesforce.com. ADP has long been one of Salesforce.com's marquee enterprise accounts; it has more than 7,000 licensed users on Salesforce.com's CRM system.

It's not clear whether the initial intrusion into ADP's data was itself the result of a phishing attack, but either way, the incident raises again the "are hosted applications secure?" specter that Salesforce.com and its SaaS cohorts have spent years fending off. The company's trust.salesforce.com portal, created in the wake of a spate of outages to reassure customers and prospects about Salesforce.com's uptime, now includes primers on avoiding phishing and spoofing attacks.

Something bad went down with a customer, and no, Salesforce isn't going to talk about it

JMP Securities analyst Patrick Walravens sent out a research note yesterday highlighting several concerns about Salesforce.com (he rates the company "market perform") and recounting the odd tale of a customer, a "private on-demand company," that Salesforce.com apparently kicked off its service.

According to Walravens' sources, the company poached several salespeople from Salesforce.com -- a move Salesforce.com retaliated against by declining to renew the company's Salesforce.com service contract. Forewarned, the company evaluated alternatives, picked Oracle's Siebel CRM OnDemand, and migrated its data and 400-user subscription.

"While the sales people don't like the look and feel of the Oracle application as much as they liked salesforce.com, the company was relieved to have preserved its critical sales and prospect information and to no longer be dependent on salesforce.com," Walravens wrote in his note. Oracle is making the most of its opportunity: Walravens repeated anecdotal reports that some Oracle sales reps now feature an "Are you sure Mark Benioff likes you?" slide in their competitive decks.

Salesforce.com's representatives declined to comment on any aspect of Walravens' report. Off the record, a company source acknowledged a customer conflict but said the public accounting omitted key facts and context around a unique incident.

Whatever happened, Walravens suggests that rivals could use it to make hay: "While we agree this was an unusual situation, it has nevertheless happened and now competitors are seeking to make a trend out of it. As the leader in the on demand space, we think it's incumbent upon salesforce.com to make sure that its renewal policies are above reproach. We think in this case salesforce.com failed to meet that standard."