The ShinyHunters extortion group has stolen over 1.5 billion Salesforce records by exploiting compromised OAuth tokens, targeting numerous companies worldwide. These attacks involved social engineering, breach of GitHub repositories, and the use of stolen tokens to access sensitive data, highlighting significant risks to cloud-based platforms. #ShinyHunters #Salesforce #OAuthTokens #DataTheft #Organizations
Keypoints
- The ShinyHunters group claims to have stolen 1.5 billion records from 760 companies using OAuth token compromises.
- The attackers targeted Salesforce data through social engineering and malicious OAuth applications, exploiting GitHub breaches.
- Stolen data included sensitive information from various Salesforce objects, such as Accounts, Contacts, and Support Cases.
- The threat actors also sought secrets like credentials and access keys to expand their assaults into other environments.
- Law enforcement agencies issued advisories, and Salesforce recommends security measures like multi-factor authentication to mitigate risks.