Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign - SecurityWeek

The notorious ShinyHunters cybercrime group has announced a new campaign targeting Salesforce customers, involving data theft and extortion, by exploiting misconfigurations or publicly accessible sites, specifically overly permissive Experience Cloud guest user configurations. Salesforce has issued a warning to its customers, emphasizing that these breaches are due to customer-configured settings, not platform vulnerabilities, and that a modified version of the Aura Inspector tool is being used to extract data.