Salesforce Customers Hit by Third Major Attack Wave in Six Months

Salesforce warns of attacks exploiting guest settings, with ShinyHunters breaching 100 companies via Experience Cloud sites.

By Content Team

Mar 11, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Salesforce issued a security alert Saturday warning of ongoing attacks targeting customers' Experience Cloud sites. The threat group ShinyHunters claims to have breached about 100 companies by exploiting misconfigured guest user settings that allow unauthorized access to customer data.

Attackers are using a modified version of Mandiant's AuraInspector tool to scan public-facing sites and steal data from instances with overly permissive guest profiles. These settings are meant to give unauthenticated users access to public information, but excessive permissions let attackers view additional data without logging in.

This marks the third widespread attack spree against Salesforce customers since August, following incidents involving Gainsight and Salesloft Drift integrations.

Source: CyberScoop

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Critical Microsoft Office Flaw Lets Attackers Take Control Without User Interaction

Mar 12, 2026

Critical Chrome Zero-Day Exploit Code Goes Public After Active Attacks

Mar 3, 2026

Saudi Arabia Ordered to Pay £3m to London Dissident Over Pegasus Spying

Jan 29, 2026

Critical Apache StreamPipes Flaw Lets Attackers Hijack Admin Accounts

Dec 31, 2025