ShinyHunters claims yet another Salesforce customers breach • The Register
https://www.theregister.com/2026/03/09/shinyhunters_claims_more_highprofile_victims/
Publish Date: 2026-03-09 14:30:00
Source Domain: www.theregister.com
ShinyHunters told The Register that it has stolen data from about 100 high-profile companies in its latest Salesforce customer data heist, including Salesforce itself.
“Have stolen data from almost 400 websites and about 100 essential high profile companies Snowflake, Okta, Lastpass, Salesforce itself, Sony, AMD, and a lot more,” a ShinyHunters spokesperson told us, adding that the “recon and exploitation has been going on for several months now.”
This follows a Saturday warning from Salesforce that a “known threat actor group” is actively scanning for – and then breaking into and stealing data from – public-facing Experience Cloud sites using a modified version of a Mandiant-developed free scanning tool.
A Salesforce spokesperson declined to answer The Register’s questions about the latest data-theft campaign, including how many customers are affected and if ShinyHunters is behind the illicit access.
“This issue is not due to any vulnerability inherent to the Salesforce platform, but rather Experience Cloud sites where a guest user profile has been inadvertently configured with overly broad permissions,” the spokesperson said, directing us and its customers to this security advisory site for updates on the threat activity.
“We have provided customers with guidance to restrict guest user access to help safeguard their sites,” the spokesperson added.
The Register also reached out to Snowflake, Okta, LastPass, Sony, and AMD for comment, and will update this story as we hear back from them.
Salesforce has been a longtime target of the extortion crew, which has stolen data from hundreds of the CRM giant’s customers in a series of attacks over the past year. ShinyHunters was also the crew behind the 2024 Snowflake customers’ database intrusions.
A LastPass spokesperson told us that they are aware of this…