Tag: salesforce
42 articles

Microsoft Tracks ShinyHunters' Salesforce Data Theft Via OAuth Flaws
Microsoft uncovered a sneaky year-long operation by the ShinyHunters extortion group, who exploited trust in Salesforce's OAuth system to steal sensitive data, using clever vishing tactics to trick employees into granting access to a malicious app. The attackers posed as IT support, convincing victims to authorize a fake Data Loader tool that allowed them to make API calls and search for valuable credentials.

Human Error Exposes Security Breaches Despite AI Advances
Despite advancements in AI, human error continues to expose security breaches, as seen in a recent Salesforce supply-chain compromise where a legacy credential was exploited. A company called Klue, which integrates with Salesforce, was compromised when attackers used OAuth tokens to access customer data.

LastPass Breach Exposes Customer Data in Supply Chain Hack
LastPass recently discovered a security incident at Klue, a third-party platform they use, which led to an unauthorized actor accessing some customer data through its Salesforce environment. Fortunately, customer vaults and core products remain secure, and swift action has been taken to mitigate the breach.

Icarus Hack Exposes Hundreds of Firms in Supply-Chain Breach
On June 11, a massive supply chain breach occurred when hackers exploited a weak link at Klue, a market intelligence provider used by over 250,000 companies worldwide, gaining access to sensitive data across hundreds of firms. The attackers used a compromised legacy credential to obtain OAuth tokens and infiltrate connected customer environments.

Klue Breach Exposes Cybersecurity Firms to OAuth Token Abuse
A single compromised credential led to a massive security breach at Klue, allowing an unauthorized actor to exploit OAuth tokens and gain access to sensitive customer data on third-party platforms like Salesforce. This incident highlights the growing threat of OAuth token abuse and the need for robust cybersecurity measures.

Klue OAuth Breach Expands as Icarus Hackers Claim Multiple Victims
Klue's CEO Jason Smith revealed that on June 12, unauthorized activity was detected in their integration infrastructure, prompting a thorough investigation with cybersecurity experts to understand the breach and support affected customers. The incident allowed hackers to steal OAuth tokens through a compromised legacy credential, impacting connections to third-party platforms like Salesforce.

Salesforce Disables Klue App Over OAuth Token Abuse
Salesforce has taken swift action to protect its customers by disabling the Klue Battlecards app integration after detecting unusual activity that may have led to unauthorized access to some customer data. This move ensures the security of the Salesforce platform, which remains unaffected by a vulnerability.

ShinyHunters Breach Exposes 137,000 Infinite Campus Staff Accounts
A massive data breach at Infinite Campus has exposed the sensitive information of 137,000 staff members, including names, email addresses, phone numbers, and physical addresses, after the ShinyHunters extortion group hacked into the company's Salesforce instance. The stolen data has been published online, putting staff at risk of identity theft and phishing scams.

Charter Communications Breach Exposes 4.9 Million Accounts
A shocking data breach at Charter Communications has left 4.9 million customer accounts vulnerable, with hackers gaining access to sensitive information including names, email addresses, phone numbers, and physical addresses. The breach occurred after a clever voice phishing attack on April 1 allowed cybercriminals to tap into the company's Salesforce database.

ShinyHunters Fuel Surge in Data Leaks
Meet the ShinyHunters, a notorious group behind a surge in public data leaks, who team up with The Com to scam victims out of cloud system access and then hold their data for ransom. This duo's alarming tactic has resulted in a steady stream of sensitive information being dumped into the public domain.

OAuth Grants Expose Hidden Attack Vector in Enterprise Workspaces
Unmanaged OAuth grants are a ticking time bomb in enterprise workspaces, with 80% of security leaders recognizing them as a critical or significant risk. A recent attack by threat actor UNC6395 exploited valid OAuth refresh tokens to breach Salesforce environments of over 700 organizations, highlighting the devastating consequences of neglecting OAuth security.

McGraw Hill Data Leak Exposes 13.5M Records After Salesforce Misconfiguration
McGraw Hill, a leading publisher of educational materials, recently suffered a significant data leak, exposing a staggering 13.5 million records due to a misconfigured Salesforce-hosted page. This alarming breach highlights the importance of robust data security measures, even for companies with a traditional focus like textbook publishing.

McGraw Hill Breach Exposes 13.5 Million User Accounts
A massive data breach at McGraw Hill has exposed the personal and academic records of 13.5 million students and educators, leaving them vulnerable to exploitation by the ShinyHunters extortion group. The breach, which targeted McGraw Hill's Salesforce environment, has raised urgent concerns about digital security and data protection in the education sector.

McGraw Hill Breach Exposed by Salesforce Setup Flaw
A configuration error in Salesforce, a widely used customer relationship management platform, led to a data breach at McGraw Hill, exposing customer data and raising questions about vendor services and data stewardship. The incident highlights the importance of proper setup and management of third-party services to protect sensitive information.

McGraw-Hill Breach Exposes Internal Data After Salesforce Hack
McGraw-Hill recently confirmed a data breach after hackers exploited a Salesforce misconfiguration, exposing internal data and highlighting the risks of cloud security gaps. The breach followed an extortion threat, serving as a stark reminder of the importance of robust digital defenses.

Popular Python libraries: Stunning Hugging Face danger
Think twice before blindly loading Hugging Face models: researchers found attackers can hide executable Python code in file metadata and malformed pickles so a downloaded model can automatically run malicious payloads. With major libraries and millions of downloads affected, this stealthy supply‑chain trick puts countless projects and machines at risk.

Gainsight Cyber-Attack Exclusive: Critical Salesforce Hit
A Gainsight cyber attack has critically hit Salesforce—here’s what happened and the immediate steps you need to protect your data and your org.

Gainsight Exclusive: Critical Hack Risks Salesforce Clients
Urgent heads-up: a critical Gainsight hack could expose Salesforce clients’ data—here’s what happened and how to protect your systems.

Scattered Spider Exclusive: Dangerous Unified Collective
Imagine low‑tech social engineering and SIM swaps teaming up with mass data brokers — that’s Scattered Spider, ShinyHunters and LAPSUS$ fusing tactics to turn bulk theft into pinpoint extortion. Security teams and cloud customers now face a hybrid, high‑leverage threat targeting SaaS platforms like Salesforce.

ShinyHunters Exclusive: Damaging Corporate Extortion Wave
The ShinyHunters campaign has escalated from quiet database dumps to brazen public extortion—naming victims, posting timetables, and using voice‑phishing plus massive file thefts that could turn single breaches into a supply‑chain crisis. Corporations now face a stark choice: pay ransoms or risk a public dump of sensitive customer and corporate data.

ShinyHunters extortion: Stunning Risky Corporate Threat
Imagine waking up to find your company’s secrets posted online unless you pay up — that’s the stark reality dozens of firms now face after ShinyHunters launched a brazen public extortion site. This escalation — tied to prior Salesforce, Discord, and Red Hat breaches — raises the stakes for stronger security, faster incident response, and clearer vendor transparency.

ShinyHunters Exclusive: Dangerous Corporate Extortion
ShinyHunters has escalated from voice‑phishing to a public extortion site threatening to dump data from dozens of Fortune 500 companies. That shift puts customers and companies at risk and makes strengthening human‑centric defenses and zero‑trust controls urgently necessary.

BreachForums Stunning Win: Risky Yet Crucial Takedown
U.S. and French authorities have shut down the latest BreachForums marketplace, a welcome blow to a forum that trafficked stolen data and coordinated extortion. But while the takedown disrupts criminals and helps victims, the real test is whether arrests and sustained action can stop cybercriminals from just reappearing elsewhere.

extortion attempt: Exclusive Risky Refusal Shakes Trust
When an extortionist claimed nearly a billion Salesforce records were stolen, the company made a bold choice: no negotiation, no payment. That stance forces customers and the industry to balance short-term harm against the long-term need to deter cybercrime.