ShinyHunters claim new Salesforce Aura breach via misconfigured guest access

TL;DR Summary
Salesforce warns customers that misconfigured Experience Cloud guest access can let unauthenticated visitors query CRM data, while ShinyHunters claims to be exploiting a bug with a modified AuraInspector to steal data. Salesforce stresses there is no platform flaw and urges admins to audit guest permissions, set org defaults to private, disable API access for guest profiles, turn off self-registration, and monitor Aura Event Monitoring. Mandiant confirms AuraInspector misuse and notes that detection in logs does not guarantee a breach.
- ShinyHunters claims ongoing Salesforce Aura data theft attacks (BleepingComputer)
- Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign (SecurityWeek)
- 'Overly Permissive' Salesforce Cloud Configs in the Crosshairs (Dark Reading | Security)
- Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool (The Hacker News)
- ShinyHunters claims more high-profile victims in latest Salesforce customers data heist (theregister.com)