SOQL stands for Salesforce Object Query Language. It is the query language used to search and retrieve data from Salesforce CRM objects such as Accounts, Contacts, Cases, and custom records. Like SQL, it lets applications filter and join data, but it is designed specifically for the Salesforce data model and permissions.
In cyber security, SOQL matters because it can be used to enumerate and bulk-extract CRM data when an attacker gets valid access to a Salesforce account, token, or connected app. A few well-formed queries can reveal large volumes of customer, employee, and case data without malware or file encryption, which makes the activity look like normal API traffic. Defenders monitor SOQL-driven access by reviewing query logs, spotting unusual object searches, and flagging mass exports or access patterns that do not match a user’s role. Limiting privileges, protecting tokens, and reviewing integrations help reduce the risk of data theft through SOQL abuse.



