#salesforce-security

#salesforce-security

Salesforce warned users of increased threat actor activity exploiting misconfigured publicly accessible sites and permissive guest user settings to gain unauthorized data access for social engineering and vishing campaigns.

Salesforce Experience Cloud customers face attacks from ShinyHunters exploiting misconfigured guest user permissions, not product vulnerabilities, using a modified Aura Inspector tool to extract data.

ShinyHunters targets Salesforce instances through social engineering and misconfiguration exploitation, not platform vulnerabilities, prompting Salesforce warnings about overly permissive guest user settings.

Threat actors are exploiting misconfigured Salesforce Experience Cloud sites using a modified AuraInspector tool to extract sensitive data from overly permissive guest user profiles.

ShinyHunters claims to have stolen data from approximately 100 high-profile companies including Salesforce, Snowflake, Okta, LastPass, Sony, and AMD through exploiting overly broad guest user permissions on Salesforce Experience Cloud sites.