ShinyHunters claims breach of 400 companies via cloud misconfigurations.
Data Theft Alert · Exploitation of overly permissive Experience Cloud guest users.
The ShinyHunters hacking group claims to have compromised roughly 400 companies by exploiting insecure guest user configurations on Salesforce Experience Cloud sites. Mandiant has confirmed that attackers are using a modified version of the AuraInspector tool to perform mass scans for vulnerable sites.
By bypassing record-query limitations, attackers have been siphoning sensitive data from public-facing portals since late 2025. This campaign specifically targets organizations that have not restricted guest user visibility or disabled self-registration features on their cloud sites.
The uncomfortable truth: Your cloud collaboration platforms are the new primary frontier for mass data exfiltration if your default permissions are not set to Private.
- Review and restrict Salesforce Experience Cloud guest user permissions immediately.
- Uncheck ‘Portal User Visibility’ and ‘Site User Visibility’ in Sharing Settings to prevent member enumeration.
- Disable self-registration if your site does not require unauthenticated visitors to create accounts.
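One way to check the last two items across retrieved org metadata, as an added example that is not part of the original post or any vendor tooling. It assumes the settings appear in Metadata API XML as `enablePortalUserVisibility`, `enableCommunityUserVisibility` (Site User Visibility) and `selfRegistration`; the file names and sample XML are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}

# Assumed Metadata API element names for the settings in the checklist.
CHECKS = {
    "SharingSettings": {
        "enablePortalUserVisibility": "Portal User Visibility is enabled",
        "enableCommunityUserVisibility": "Site User Visibility is enabled",
    },
    "Network": {"selfRegistration": "self-registration is enabled"},
}

# Constructed sample files, not taken from any real org.
SAMPLE_SHARING = """<SharingSettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <enableCommunityUserVisibility>true</enableCommunityUserVisibility>
    <enablePortalUserVisibility>false</enablePortalUserVisibility>
</SharingSettings>"""
SAMPLE_NETWORK = """<Network xmlns="http://soap.sforce.com/2006/04/metadata">
    <selfRegistration>true</selfRegistration>
</Network>"""


def audit(xml_text, source):
    """Return one finding per risky or unverifiable setting in a metadata file."""
    root = ET.fromstring(xml_text)
    kind = root.tag.rsplit("}", 1)[-1]  # strip the XML namespace
    findings = []
    for field, message in CHECKS.get(kind, {}).items():
        node = root.find(f"md:{field}", NS)
        if node is None:
            # Absent element: do not assume a safe default, check it by hand.
            findings.append(f"{source}: {field} missing, verify in Setup")
        elif (node.text or "").strip().lower() == "true":
            findings.append(f"{source}: {message}")
    return findings


if __name__ == "__main__":
    # Hypothetical file names for the two constructed samples.
    for name, text in [("Sharing.settings", SAMPLE_SHARING),
                       ("portal.network", SAMPLE_NETWORK)]:
        for finding in audit(text, name):
            print(finding)
```

Guest user profile and object permissions (the first item) are not covered here and still need a manual review.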
Have you audited your public cloud portal configurations for overly permissive guest access this month?
#Cybersecurity #CloudSecurity #Salesforce #DataBreach #SOC #CodeDefence
