Salesforce Customers Hit by Large-Scale Data Theft Operation
Salesforce Customers Targeted by ShinyHunters Cybercrime Group
A new wave of data theft and extortion has been unleashed by the notorious ShinyHunters cybercrime group, targeting hundreds of Salesforce customers.
Attack Details
According to Salesforce, the attacks began in mid-2025, leveraging social engineering tactics and exploiting misconfigurations to compromise sensitive data.
The company says the issue stems not from a vulnerability in its platform but from a customer-configured setting that the threat actor has exploited.
The attackers have modified an open-source tool called Aura Inspector, originally developed by Mandiant for auditing Salesforce Aura instances, to extract data from vulnerable sites.
ShinyHunters Claims Responsibility
ShinyHunters has claimed responsibility for the attack, boasting that it has targeted “several hundreds of companies” as part of the “Salesforce Aura Campaign.”
The group has threatened to release stolen data if its extortion demands are not met.
Causes of the Breach
Salesforce has confirmed that the data breaches were the result of phishing, abuse of third-party integrations, or misconfigurations, rather than vulnerabilities in its products or systems.
The company has advised customers to review their guest user settings and ensure that they are not overly permissive.
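One way to carry out the guest user review advised above is sketched below. It is an added example, not code from Salesforce, Mandiant or the original article. It assumes the guest profile's object permissions have been exported into rows using the field names of Salesforce's ObjectPermissions object; the profile names, the allow-list and the sample rows are constructed for illustration.

```python
# Audit exported guest-profile object permissions for over-permissive grants.
# Field names follow Salesforce's ObjectPermissions object; everything else
# (profile names, allow-list, sample rows) is constructed for this example.

ELEVATED_FLAGS = ("PermissionsCreate", "PermissionsEdit", "PermissionsDelete",
                  "PermissionsViewAllRecords", "PermissionsModifyAllRecords")

# Hypothetical allow-list: objects the site owner intends anonymous
# visitors to read. Each organization must define its own.
INTENDED_PUBLIC = {"Knowledge__kav"}


def row(profile, sobject, **perms):
    """Build one export row; permissions not passed default to not granted."""
    return {"Profile": profile, "SobjectType": sobject, **perms}


# Constructed sample export for a guest user profile.
SAMPLE_ROWS = [
    row("Help Center Profile", "Knowledge__kav", PermissionsRead=True),
    row("Help Center Profile", "Contact", PermissionsRead=True),
    row("Help Center Profile", "Case", PermissionsRead=True, PermissionsCreate=True),
    row("Help Center Profile", "Account"),
]


def audit_guest_permissions(rows, intended_public=INTENDED_PUBLIC):
    """Return (severity, profile, object, reason) for each risky grant."""
    findings = []
    for r in rows:
        elevated = [f for f in ELEVATED_FLAGS if r.get(f)]
        if elevated:
            # Anything beyond read for an unauthenticated user needs justification.
            findings.append(("HIGH", r["Profile"], r["SobjectType"],
                             "guest profile grants " + ", ".join(elevated)))
        elif r.get("PermissionsRead") and r["SobjectType"] not in intended_public:
            # Read access to an object nobody declared public is the
            # "overly permissive" case to review with the data owner.
            findings.append(("REVIEW", r["Profile"], r["SobjectType"],
                             "guest read on object outside the allow-list"))
    return findings


if __name__ == "__main__":
    for severity, profile, sobject, reason in audit_guest_permissions(SAMPLE_ROWS):
        print(f"[{severity}] {profile} / {sobject}: {reason}")
```

Object permissions are only one layer; sharing rules and field-level access for the guest user need the same review.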
ShinyHunters’ History of Attacks
The ShinyHunters group has a history of targeting high-profile organizations and leaking sensitive data.
In 2025, the group was responsible for compromising millions of data records, which were subsequently leaked online.
Prevention and Protection
The latest campaign highlights the importance of proper configuration and security measures in preventing data breaches.
Organizations using Salesforce are advised to take immediate action to review their settings and ensure that they are not vulnerable to similar attacks.
The incident also underscores the need for customers to be vigilant and proactive in protecting their data.
By taking steps to secure their Salesforce instances, organizations can reduce the risk of data breaches and extortion attempts.
