Summary
ShinyHunters allegedly exploited misconfigured guest user permissions on Salesforce Experience Cloud sites, using a modified Mandiant tool, to steal data from approximately 100 high-profile organizations.
Take Action:
If you use Salesforce Experience Cloud, audit your guest user permissions immediately and enforce least-privilege access: disable public API access for guest profiles and set all object sharing to "private." Review your site for exposure through the /s/sfsites/aura endpoint and check with Salesforce support for updated detection rules to identify any past malicious scanning activity.
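The audit steps above (guest profiles with API access, guest profiles that can see or change records, objects whose external sharing default is not private) can be checked offline against an export of your org's profile and sharing settings. The script below is an added example, not code from BeyondMachines, Mandiant or Salesforce. It assumes you have exported each profile's license, its "API Enabled" permission and its object permissions (modelled on the Profile and ObjectPermissions objects) together with the org-wide external sharing default per object (modelled on EntityDefinition); the record shape, the license label "Guest User License" and the sample org data are constructed for the example.

```python
"""Offline least-privilege audit of Experience Cloud guest user profiles.

Added example, not from the article or from Salesforce. Input is an export of
profile and sharing settings in the constructed shape below; adapt the loader
to whatever your own export looks like.
"""

from dataclasses import dataclass, field


@dataclass
class ObjectPerm:
    """Object-level permissions a profile grants (mirrors ObjectPermissions)."""
    sobject: str
    read: bool = False
    create: bool = False
    edit: bool = False
    delete: bool = False
    view_all: bool = False   # "View All Records" bypasses sharing rules


@dataclass
class Profile:
    name: str
    license: str             # assumed label for site guest profiles below
    api_enabled: bool        # the "API Enabled" user permission
    object_perms: list = field(default_factory=list)


GUEST_LICENSE = "Guest User License"   # assumed license label


def is_guest_profile(p: Profile) -> bool:
    # Each Experience Cloud site gets its own guest profile; they share the
    # guest license, so the license is a convenient selector.
    return p.license == GUEST_LICENSE


def audit_guest_profiles(profiles, external_sharing):
    """Return (profile, object, issue) tuples for guest profiles that exceed
    least privilege.

    external_sharing maps object name -> org-wide default for external users
    ("Private", "Read" or "ReadWrite"); a missing object is treated as Private.
    """
    findings = []
    for p in profiles:
        if not is_guest_profile(p):
            continue
        if p.api_enabled:
            # Public API access lets an unauthenticated visitor query objects
            # directly instead of only through site pages.
            findings.append((p.name, "*", "API Enabled on guest profile"))
        for op in p.object_perms:
            if op.view_all:
                findings.append((p.name, op.sobject, "View All Records on guest profile"))
            if op.create or op.edit or op.delete:
                findings.append((p.name, op.sobject, "write access on guest profile"))
            owd = external_sharing.get(op.sobject, "Private")
            if op.read and owd != "Private":
                # Read permission plus a non-private external default means
                # every record of this object is visible to anonymous visitors.
                findings.append((p.name, op.sobject,
                                 f"readable object with external sharing '{owd}'"))
    return findings


# Constructed sample org: one over-permissioned guest profile, one clean guest
# profile and one internal profile that the audit must ignore.
SAMPLE_PROFILES = [
    Profile("Customer Portal Guest", GUEST_LICENSE, api_enabled=True, object_perms=[
        ObjectPerm("Contact", read=True, view_all=True),
        ObjectPerm("Case", read=True, create=True),
        ObjectPerm("Knowledge__kav", read=True),
    ]),
    Profile("Partner Site Guest", GUEST_LICENSE, api_enabled=False, object_perms=[
        ObjectPerm("Knowledge__kav", read=True),
    ]),
    Profile("System Administrator", "Salesforce", api_enabled=True, object_perms=[
        ObjectPerm("Contact", read=True, edit=True),
    ]),
]
SAMPLE_EXTERNAL_SHARING = {"Contact": "Read", "Case": "Private", "Knowledge__kav": "Private"}


if __name__ == "__main__":
    for profile, sobject, issue in audit_guest_profiles(SAMPLE_PROFILES, SAMPLE_EXTERNAL_SHARING):
        print(f"{profile:25} {sobject:15} {issue}")
```

Running it against the sample data reports four findings, all on "Customer Portal Guest": API access, View All Records and a non-private external default on Contact, and create permission on Case. The administrator profile is skipped because the audit only scores guest profiles; the "Partner Site Guest" profile, which only reads an object whose external default is private, produces nothing.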
This article was originally published on BeyondMachines