ShinyHunters Group Targets Salesforce Experience Cloud Sites

The ShinyHunters group has claimed responsibility for a new campaign targeting Salesforce Experience Cloud sites, though Salesforce confirmed the attack was conducted by unnamed malicious actors. The attackers exploited a modified version of the open-source tool Aura Inspector rather than a vulnerability in the Salesforce platform itself. Salesforce’s security team identified the campaign, which aims to access customer data through misconfigured or abused access controls. No specific dates, technical indicators, or impacted customer numbers were disclosed. The attack leverages misconfigurations rather than a software flaw to facilitate data theft.