ShinyHunters claims to have breached roughly 400 organizations by exploiting publicly accessible Salesforce Experience Cloud portals and is threatening to leak stolen records unless extorted. The group reportedly used a modified Aura Inspector to find guest-user configuration weaknesses and pulled names and phone numbers that are being used for vishing. #ShinyHunters #SalesforceExperienceCloud
Keypoints
- ShinyHunters warned about successful breaches at approximately 400 organizations and threatened mass data leaks.
- The attacks targeted sites built on Salesforce Experience Cloud by scanning for overly permissive guest user settings.
- Attackers used a modified Aura Inspector tool to locate vulnerable configurations and exfiltrate data.
- Stolen information included names and phone numbers, which have been used in vishing campaigns.
- Salesforce urges customers to apply least-privilege guest settings, make data private by default, and disable public APIs to mitigate risk.
Read More: https://hackread.com/shinyhunters-hackers-threat-stolen-salesforce-data/