ShinyHunters claim new Salesforce Aura breach via misconfigured guest access
Salesforce warns customers that misconfigured Experience Cloud guest access can let unauthenticated visitors query CRM data, while ShinyHunters claims to be exploiting a bug with a modified AuraInspector to steal data. Salesforce stresses there is no platform flaw and urges admins to audit guest permissions, set org defaults to private, disable API access for guest profiles, turn off self-registration, and monitor Aura Event Monitoring. Mandiant confirms AuraInspector misuse and notes that detection in logs does not guarantee a breach.