Skip to main content

Tag: salesforce

42 articles

Business setting with laptop on desk, papers and supplies nearby, and CRM system on screen.

Microsoft Tracks ShinyHunters' Salesforce Data Theft Via OAuth Flaws

Microsoft uncovered a sneaky year-long operation by the ShinyHunters extortion group, who exploited trust in Salesforce's OAuth system to steal sensitive data, using clever vishing tactics to trick employees into granting access to a malicious app. The attackers posed as IT support, convincing victims to authorize a fake Data Loader tool that allowed them to make API calls and search for valuable credentials.

Analyst 207
Office workstation with laptop and CRM software, overlooking cityscape through large window.

Human Error Exposes Security Breaches Despite AI Advances

Despite advancements in AI, human error continues to expose security breaches, as seen in a recent Salesforce supply-chain compromise where a legacy credential was exploited. A company called Klue, which integrates with Salesforce, was compromised when attackers used OAuth tokens to access customer data.

Analyst 207
Worker's desk with desktop computer, papers, and blurred screen in bright office setting.

LastPass Breach Exposes Customer Data in Supply Chain Hack

LastPass recently discovered a security incident at Klue, a third-party platform they use, which led to an unauthorized actor accessing some customer data through its Salesforce environment. Fortunately, customer vaults and core products remain secure, and swift action has been taken to mitigate the breach.

Analyst 207
Modern office setting with computer servers and symbolic breach objects.

Icarus Hack Exposes Hundreds of Firms in Supply-Chain Breach

On June 11, a massive supply chain breach occurred when hackers exploited a weak link at Klue, a market intelligence provider used by over 250,000 companies worldwide, gaining access to sensitive data across hundreds of firms. The attackers used a compromised legacy credential to obtain OAuth tokens and infiltrate connected customer environments.

Analyst 207
Cloud-based software integration hub with OAuth token authorization prompt on laptop screen.

Klue Breach Exposes Cybersecurity Firms to OAuth Token Abuse

A single compromised credential led to a massive security breach at Klue, allowing an unauthorized actor to exploit OAuth tokens and gain access to sensitive customer data on third-party platforms like Salesforce. This incident highlights the growing threat of OAuth token abuse and the need for robust cybersecurity measures.

Analyst 207
Server room with equipment racks, cables, and blurred monitors.

Klue OAuth Breach Expands as Icarus Hackers Claim Multiple Victims

Klue's CEO Jason Smith revealed that on June 12, unauthorized activity was detected in their integration infrastructure, prompting a thorough investigation with cybersecurity experts to understand the breach and support affected customers. The incident allowed hackers to steal OAuth tokens through a compromised legacy credential, impacting connections to third-party platforms like Salesforce.

Analyst 207
Brightly-lit tech headquarters with a hint of concern, daylight shining through a large window and blurred computer screens…

Salesforce Disables Klue App Over OAuth Token Abuse

Salesforce has taken swift action to protect its customers by disabling the Klue Battlecards app integration after detecting unusual activity that may have led to unauthorized access to some customer data. This move ensures the security of the Salesforce platform, which remains unaffected by a vulnerability.

Analyst 207
School office with computer workstation and papers, blurred cityscape in background.

ShinyHunters Breach Exposes 137,000 Infinite Campus Staff Accounts

A massive data breach at Infinite Campus has exposed the sensitive information of 137,000 staff members, including names, email addresses, phone numbers, and physical addresses, after the ShinyHunters extortion group hacked into the company's Salesforce instance. The stolen data has been published online, putting staff at risk of identity theft and phishing scams.

Analyst 207
Concerned customer surrounded by paperwork and communication equipment.

Charter Communications Breach Exposes 4.9 Million Accounts

A shocking data breach at Charter Communications has left 4.9 million customer accounts vulnerable, with hackers gaining access to sensitive information including names, email addresses, phone numbers, and physical addresses. The breach occurred after a clever voice phishing attack on April 1 allowed cybercriminals to tap into the company's Salesforce database.

Analyst 207
Cloud storage workstation with blank laptop screen and keyboard, symbolizing a data breach.

ShinyHunters Fuel Surge in Data Leaks

Meet the ShinyHunters, a notorious group behind a surge in public data leaks, who team up with The Com to scam victims out of cloud system access and then hold their data for ransom. This duo's alarming tactic has resulted in a steady stream of sensitive information being dumped into the public domain.

Analyst 207
Computer screen displays OAuth integration interface in a CRM workspace.

OAuth Grants Expose Hidden Attack Vector in Enterprise Workspaces

Unmanaged OAuth grants are a ticking time bomb in enterprise workspaces, with 80% of security leaders recognizing them as a critical or significant risk. A recent attack by threat actor UNC6395 exploited valid OAuth refresh tokens to breach Salesforce environments of over 700 organizations, highlighting the devastating consequences of neglecting OAuth security.

Analyst 207
Shattered padlock and scattered papers near laptop glow, cityscape visible through cracked window, conveying vulnerability.

McGraw Hill Data Leak Exposes 13.5M Records After Salesforce Misconfiguration

McGraw Hill, a leading publisher of educational materials, recently suffered a significant data leak, exposing a staggering 13.5 million records due to a misconfigured Salesforce-hosted page. This alarming breach highlights the importance of robust data security measures, even for companies with a traditional focus like textbook publishing.

Analyst 207
Cracked laptop screen with ghostly face, cityscape, and shattered coffee cup spills coffee on papers, symbolizing data…

McGraw Hill Breach Exposes 13.5 Million User Accounts

A massive data breach at McGraw Hill has exposed the personal and academic records of 13.5 million students and educators, leaving them vulnerable to exploitation by the ShinyHunters extortion group. The breach, which targeted McGraw Hill's Salesforce environment, has raised urgent concerns about digital security and data protection in the education sector.

Analyst 207
Abandoned server room with vulnerable laptop and ghostly face on cracked screen.

McGraw Hill Breach Exposed by Salesforce Setup Flaw

A configuration error in Salesforce, a widely used customer relationship management platform, led to a data breach at McGraw Hill, exposing customer data and raising questions about vendor services and data stewardship. The incident highlights the importance of proper setup and management of third-party services to protect sensitive information.

Analyst 207
Shattered laptop screen on industrial floor with code fragments and cityscape in background.

McGraw-Hill Breach Exposes Internal Data After Salesforce Hack

McGraw-Hill recently confirmed a data breach after hackers exploited a Salesforce misconfiguration, exposing internal data and highlighting the risks of cloud security gaps. The breach followed an extortion threat, serving as a stark reminder of the importance of robust digital defenses.

Analyst 207
Eerie library with robotic face mask surrounded by broken devices and tangled wires.

Popular Python libraries: Stunning Hugging Face danger

Think twice before blindly loading Hugging Face models: researchers found attackers can hide executable Python code in file metadata and malformed pickles so a downloaded model can automatically run malicious payloads. With major libraries and millions of downloads affected, this stealthy supply‑chain trick puts countless projects and machines at risk.

Analyst 207
Gainsight Cyber-Attack Exclusive: Critical Salesforce Hit

Gainsight Cyber-Attack Exclusive: Critical Salesforce Hit

A Gainsight cyber attack has critically hit Salesforce—here’s what happened and the immediate steps you need to protect your data and your org.

Analyst 207
Gainsight Exclusive: Critical Hack Risks Salesforce Clients

Gainsight Exclusive: Critical Hack Risks Salesforce Clients

Urgent heads-up: a critical Gainsight hack could expose Salesforce clients’ data—here’s what happened and how to protect your systems.

Analyst 207
Scattered Spider Exclusive: Dangerous Unified Collective

Scattered Spider Exclusive: Dangerous Unified Collective

Imagine low‑tech social engineering and SIM swaps teaming up with mass data brokers — that’s Scattered Spider, ShinyHunters and LAPSUS$ fusing tactics to turn bulk theft into pinpoint extortion. Security teams and cloud customers now face a hybrid, high‑leverage threat targeting SaaS platforms like Salesforce.

Analyst 207
ShinyHunters Exclusive: Damaging Corporate Extortion Wave

ShinyHunters Exclusive: Damaging Corporate Extortion Wave

The ShinyHunters campaign has escalated from quiet database dumps to brazen public extortion—naming victims, posting timetables, and using voice‑phishing plus massive file thefts that could turn single breaches into a supply‑chain crisis. Corporations now face a stark choice: pay ransoms or risk a public dump of sensitive customer and corporate data.

Analyst 207
ShinyHunters extortion: Stunning Risky Corporate Threat

ShinyHunters extortion: Stunning Risky Corporate Threat

Imagine waking up to find your company’s secrets posted online unless you pay up — that’s the stark reality dozens of firms now face after ShinyHunters launched a brazen public extortion site. This escalation — tied to prior Salesforce, Discord, and Red Hat breaches — raises the stakes for stronger security, faster incident response, and clearer vendor transparency.

Analyst 207
ShinyHunters Exclusive: Dangerous Corporate Extortion

ShinyHunters Exclusive: Dangerous Corporate Extortion

ShinyHunters has escalated from voice‑phishing to a public extortion site threatening to dump data from dozens of Fortune 500 companies. That shift puts customers and companies at risk and makes strengthening human‑centric defenses and zero‑trust controls urgently necessary.

Analyst 207
BreachForums Stunning Win: Risky Yet Crucial Takedown

BreachForums Stunning Win: Risky Yet Crucial Takedown

U.S. and French authorities have shut down the latest BreachForums marketplace, a welcome blow to a forum that trafficked stolen data and coordinated extortion. But while the takedown disrupts criminals and helps victims, the real test is whether arrests and sustained action can stop cybercriminals from just reappearing elsewhere.

Analyst 207
extortion attempt: Exclusive Risky Refusal Shakes Trust

extortion attempt: Exclusive Risky Refusal Shakes Trust

When an extortionist claimed nearly a billion Salesforce records were stolen, the company made a bold choice: no negotiation, no payment. That stance forces customers and the industry to balance short-term harm against the long-term need to deter cybercrime.

Analyst 207