Remember a few weeks ago when I mentioned that new really cool set of open source tools Google put out to scan Salesforce apps for misconfiguration vulnerabilities?
This is why we can't have nice things.
https://thehackernews.com/2026/03/threat-actors-mass-scan-salesforce.html
ShinyHunters claim more SalesForce victims.
Putting aside the question of if they actually took the data. You have to love the response from Salesforce, effectively blaming the customer for over provisioned guest permissions.
Its as if Salesforce feels they have absolutely no say or impact on the environment and how those accounts are set up and provisioned.
https://www.theregister.com/2026/03/09/shinyhunters_claims_more_highprofile_victims/
Subscribe to #salesforce entries via RSS feed