ShinyHunters claims ongoing Salesforce Aura data theft attacks

The extortion group ShinyHunters asserts it is actively compromising Salesforce Aura (Experience Cloud) instances, allegedly leveraging a novel vulnerability to exfiltrate sensitive data. This claim comes as Salesforce continues to warn customers about existing misconfigurations within their Experience Cloud platforms. These specific misconfigurations can inadvertently grant guest users broader data access than intended, leading to potential exposure of sensitive information. However, ShinyHunters’ declaration differentiates itself by claiming exploitation of a *new*, undisclosed bug, rather than merely capitalizing on previously identified customer configuration errors¹. This purported new attack vector suggests a potentially more sophisticated threat beyond the scope of documented configuration weaknesses. Organizations utilizing Salesforce Experience Cloud must critically re-evaluate their security postures. Thorough auditing of platform configurations, meticulous review of guest user permissions, and prompt application of all available security updates become paramount to mitigate the risk of data compromise. Ignoring such threats could lead to significant financial and reputational damage.