Your public cloud portals are being systematically drained of corporate data.
Data Theft Alert · ShinyHunters exploiting Salesforce Experience Cloud misconfigurations.
In the last 24 hours, evidence has surfaced of a massive data theft campaign targeting Salesforce Experience Cloud sites. The ShinyHunters group is utilizing a modified version of the AuraInspector tool to identify misconfigured guest user permissions, allowing them to exfiltrate records from over 300 companies.
While Salesforce maintains the platform itself is secure, the issue stems from customer-configured guest access settings that allow unauthenticated users to query sensitive data. Attackers have bypassed previous record-limit restrictions and are actively harvesting data using the user agent Anthropic/RapeForceV2.01.39.
The uncomfortable truth: Your cloud collaboration platforms are the new primary frontier for mass data exfiltration if your default permissions are not set to Private.
- Review and restrict Salesforce Experience Cloud guest user permissions immediately.
- Disable ‘Portal User Visibility’ and ‘Site User Visibility’ in your global sharing settings.
- Audit your web logs for unusual GraphQL API queries originating from unknown user agents.
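A sketch of the log audit in the last step, added here as an example and not taken from the original post or from Salesforce. It assumes Combined Log Format access logs; the API path patterns, the user-agent allowlist, and the sample log lines are constructed assumptions to adapt to your own site.

```python
import re
from collections import Counter

# User agent string reported in the post above.
REPORTED_UA = "Anthropic/RapeForceV2.01.39"
# Assumption: path fragments that mark Aura / GraphQL API traffic on your site.
API_PATH = re.compile(r"/aura\b|graphql", re.IGNORECASE)
# Assumption: user-agent prefixes your organisation treats as expected.
KNOWN_UA_PREFIXES = ("Mozilla/", "SalesforceMobileSDK/")

# Combined Log Format: ip - user [time] "METHOD path proto" status bytes "ref" "ua"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def audit(lines):
    """Return (findings, api_hits): flagged lines and API request counts per IP."""
    findings, api_hits = [], Counter()
    for n, line in enumerate(lines, 1):
        m = LINE.match(line.strip())
        if m is None:
            continue  # not in the expected format; skip rather than guess
        ip, path, ua = m["ip"], m["path"], m["ua"]
        is_api = bool(API_PATH.search(path))
        if is_api:
            api_hits[ip] += 1
        if ua == REPORTED_UA:
            findings.append((n, ip, "reported user agent"))
        elif is_api and not ua.startswith(KNOWN_UA_PREFIXES):
            findings.append((n, ip, "API query from unknown user agent"))
    return findings, api_hits

# Constructed sample lines (documentation IP ranges, made-up timestamps and sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2030:10:00:01 +0000] "POST /s/sfsites/aura?r=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.9 - - [01/Jan/2030:10:00:02 +0000] "POST /s/sfsites/aura?r=2 HTTP/1.1" 200 90412 "-" "Anthropic/RapeForceV2.01.39"',
    '198.51.100.9 - - [01/Jan/2030:10:00:03 +0000] "POST /s/sfsites/aura?r=3 HTTP/1.1" 200 91877 "-" "Anthropic/RapeForceV2.01.39"',
    '192.0.2.44 - - [01/Jan/2030:10:00:04 +0000] "POST /services/data/v60.0/graphql HTTP/1.1" 200 7731 "-" "python-requests/2.31.0"',
    '203.0.113.7 - - [01/Jan/2030:10:00:05 +0000] "GET /s/login HTTP/1.1" 200 1024 "-" "curl/8.4.0"',
]

if __name__ == "__main__":
    found, hits = audit(SAMPLE_LOG)
    for line_no, ip, reason in found:
        print(f"line {line_no}: {ip}: {reason}")
    print("API requests per IP:", dict(hits))
```

A user agent string is trivially changed, so treat the per-IP API request counts and response sizes as the more durable signal and the exact string match as a quick first pass.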
Have you audited your public cloud portal configurations for overly permissive guest access this month?
#Cybersecurity #CloudSecurity #Salesforce #DataBreach #CISO #CodeDefence
