importantSYS.SOURCE: The Hacker News• 2026-07-14T11:49:24+05:30
Microsoft Identifies Three Attack Vectors Linked to ShinyHunters in Year-Long Salesforce Data Theft Campaign
Microsoft identified three attack vectors used by ShinyHunters to exfiltrate Salesforce data over a year, leveraging OAuth trust relationships, stolen tokens from vendors, and misconfigured guest access. The collaboration with Salesforce introduced enhanced detection capabilities through Defender for Cloud Apps and real-time event monitoring.
Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform.
The way in has been the trust the organization had already extended, usually through the OAuth connections that tie Salesforce to the apps and third-party vendors around it.
In
*** END OF TRANSMISSION ***