ShinyHunters claims yet another Salesforce customers breach

"Have stolen data from almost 400 websites and about 100 essential high profile companies Snowflake, Okta, Lastpass, Salesforce itself, Sony, AMD, and a lot more. Recon and exploitation has been going on for several months now."
"This issue is not due to any vulnerability inherent to the Salesforce platform, but rather Experience Cloud sites where a guest user profile has been inadvertently configured with overly broad permissions. We have provided customers with guidance to restrict guest user access to help safeguard their sites."
"Salesforce has been a longtime target of the extortion crew, which has stolen data from hundreds of the CRM giant's customers in a series of attacks over the past year. ShinyHunters was also the crew behind the 2024 Snowflake customers' database intrusions."
ShinyHunters, a threat actor group, has claimed responsibility for stealing data from nearly 100 major companies and approximately 400 websites through a coordinated campaign targeting Salesforce Experience Cloud sites. The attacks exploited misconfigured guest user profiles with excessive permissions rather than platform vulnerabilities. Salesforce confirmed the threat activity and attributed the breaches to improper access configurations, directing customers to restrict guest user access. The group has a history of targeting Salesforce customers and was previously responsible for the 2024 Snowflake customers' database intrusions. According to the group, affected companies include Snowflake, Okta, LastPass, Sony, and AMD, and reconnaissance and exploitation have been going on for several months.
Read at Theregister