Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

A New Layer of Insanity: ShinyHunters' Latest Salesforce Data Heist Exposes High-Profile Victims


ShinyHunters has claimed responsibility for a massive Salesforce data breach targeting high-profile companies, including itself, with approximately 100 victims affected.

  • The notorious group ShinyHunters claimed responsibility for a massive data breach targeting prominent companies using Salesforce.
  • The attackers exploited overly permissive guest user settings, allowing them to bypass security measures and steal sensitive data.
  • The attack used a modified version of an open-source tool to automate vulnerability scans across Salesforce environments.
  • Industry experts urge companies to prioritize their security posture by regularly reviewing and updating their guest user settings and implementing robust access controls.


    • In a recent development that has sent shockwaves through the cybersecurity community, ShinyHunters, a notorious group known for its sophisticated and high-profile data breaches, has claimed responsibility for another massive data heist targeting prominent companies using the Salesforce platform. According to reports, the attackers managed to steal sensitive data from approximately 100 high-profile organizations, including Salesforce itself.

    The breach is attributed to an exploitation of overly permissive guest user settings on Experience Cloud sites. These settings allow unauthenticated users to view public pages, FAQs, or submit forms without logging in. However, if these profiles are misconfigured with excessive permissions, sensitive data may become accessible, allowing threat actors like ShinyHunters to directly query Salesforce CRM objects without needing a valid login.

    In this case, the attackers used a modified version of an open-source tool developed by Mandiant, titled AuraInspector, to automate vulnerability scans across Salesforce environments. This allowed them to identify vulnerable targets and bypass security measures more efficiently.

    The attack on Salesforce is not the first time ShinyHunters has targeted the platform. In 2024, the group was responsible for the theft of sensitive data from Snowflake customers' databases. Furthermore, it has been reported that LastPass users were also affected in a recent phishing campaign.

    Salesforce has emphasized the need for its customers to audit guest user permissions and enforce least privilege access models to restrict access to only the minimum objects and fields required. They have also recommended setting default external access to "private" for all objects, unchecking "Allow guest users to access public APIs," and disabling API-enabled guest user profiles.

    Industry experts and cybersecurity professionals are urging companies to prioritize their security posture by regularly reviewing and updating their guest user settings and implementing robust access controls to prevent similar breaches in the future. As Mandiant Consulting CTO Charles Carmakal noted, detecting scanning activity does not necessarily indicate a compromise; however, prompt action can help mitigate potential risks.

    The incident serves as another stark reminder of the importance of cybersecurity awareness and the need for companies to maintain vigilant security measures to protect their sensitive data from falling into the wrong hands. As ShinyHunters continues to evolve its tactics, the importance of staying ahead of these threats cannot be overstated.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-New-Layer-of-Insanity-ShinyHunters-Latest-Salesforce-Data-Heist-Exposes-High-Profile-Victims-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2026/03/09/shinyhunters_claims_more_highprofile_victims/

  • https://cloud.google.com/blog/topics/threat-intelligence/auditing-salesforce-aura-data-exposure

  • https://github.com/google/aura-inspector

  • https://en.wikipedia.org/wiki/Snowflake_data_breach

  • https://www.huntress.com/threat-library/data-breach/snowflake-data-breach

  • https://www.lastpass.com/company/newsroom/07a7152d-0d5c-4acb-b7f5-fd2d890f2599

  • https://www.forbes.com/sites/daveywinder/2025/12/14/lastpass-data-breach---insufficient-security-exposed-16-million-users/

  • https://www.bleepingcomputer.com/news/security/shinyhunters-claims-ongoing-salesforce-aura-data-theft-attacks/

  • https://theconversation.com/what-are-shinyhunters-the-hackers-that-attacked-google-should-we-all-be-worried-264271

  • https://en.wikipedia.org/wiki/ShinyHunters

  • https://cybersecuritynews.com/protect-your-enterprise-from-shinyhunters-apt-hackers/


    • Published: Mon Mar 9 14:38:28 2026 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us