banner1
Logo Blinking Image
banner2

HOME
Breaking News

Salesforce warns hackers targeting websites running misconfigured Experience Cloud platforms

by VARINDIA 2026-03-14
Salesforce warns hackers targeting websites running misconfigured Experience Cloud platforms

Salesforce has warned customers that hackers are targeting websites running misconfigured Experience Cloud platforms that may allow guest users to access more data than intended. Meanwhile, the ShinyHunters extortion group claims it is actively exploiting a newly discovered vulnerability to steal data from affected instances.

To help customers protect themselves, Salesforce has issued guidance on defending against attacks focused on the /s/sfsites/aura API endpoint in misconfigured Experience Cloud deployments. According to the company, attackers are using a modified version of AuraInspector, an open-source auditing tool developed by Mandiant, which helps administrators detect access-control misconfigurations within the Salesforce Aura framework.

"It is important to note that Salesforce remains secure, and this issue is not due to any vulnerability inherent to our platform. Our investigation to date confirms that this activity relates to a customer-configured guest user setting, not a platform security flaw," Salesforce says in the advisory.

 

The company explains that a publicly exposed Salesforce Experience site accepts a "guest user profile" to provide anonymous, unauthenticated visitors with access to data intended to be public. If the profile is misconfigured and has excessive permissions, visitors can "directly query Salesforce CRM objects without logging in."

The company recommends customers take the following set of immediate actions:

 

·         Audit guest user permissions and reduce them to the minimum required.

·         Set org-wide defaults to Private for external access.

·         Turn off Portal User Visibility and Site User Visibility so guest users cannot enumerate internal users.

·         Disable self-registration unless it is truly needed, because exposed guest data could be used to create portal accounts and expand access.

System administrators should also review Aura Event Monitoring logs for unusual access patterns, unfamiliar IP addresses, or queries against objects that should not be public, and designate a Security Contact so Salesforce can notify the right person quickly.

 
 
er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Acronis Finds Spyware Hidden in Fake Red Alert App

Acronis Finds Spyware Hidden in Fake Red Alert App

Global cyber threats remain elevated in February 2026 despite drop in ransomware cases

Global cyber threats remain elevated in February 2026 despite drop in ransomware cases

Cohesity enhances Data Security portfolio with Cyera DSPM to strengthen cyber resilience

Cohesity enhances Data Security portfolio with Cyera DSPM to strengthen cyber resilience

SOFTWARE
View All
Amazon brings sharp humour and sarcasm to Alexa+ by adding 'Sassy' personality

Amazon brings sharp humour and sarcasm to Alexa+ by adding 'Sassy' personality

ADDA.io introduces industry-first DPDP Act compliant consent manager for housing societies

ADDA.io introduces industry-first DPDP Act compliant consent manager for housing societies

Agora removes barriers to scalable voice AI agents

Agora removes barriers to scalable voice AI agents

START - UP
View All
JetStream Launches With $34M to Govern Enterprise AI

JetStream Launches With $34M to Govern Enterprise AI

Deepinder Goyal’s ‘Temple’ Secures Rs.491 Cr at Rs.1,730 Cr Valuation

Deepinder Goyal’s ‘Temple’ Secures Rs.491 Cr at Rs.1,730 Cr Valuation

upGrad Expands Ecosystem with Internshala Acquisition

upGrad Expands Ecosystem with Internshala Acquisition

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
fc
Start-Up and Unicorn Ecosystem
Handala Cyberattack Disrupts Stryker Systems

Handala Cyberattack Disrupts Stryker Systems

Keysight expands digital-layer validation for 1.6T interconnects in AI data centers

Keysight expands digital-layer validation for 1.6T interconnects in AI data centers

Wipro to help TruStage transform its retirement services business

Wipro to help TruStage transform its retirement services business

NXP CoreRide puts Automakers on Fast Path to 48 V Scalable Zonal Architectures

NXP CoreRide puts Automakers on Fast Path to 48 V Scalable Zonal Architectures

Middle East War Risks Chip Supply

Middle East War Risks Chip Supply

Hikstorage Empowers Efficient Digital Life with Comprehensive Storage Solutions

Hikstorage Empowers Efficient Digital Life with Comprehensive Storage Solutions

Honeywell and IIT Bombay set up CoE to advance sustainability skills and innovation

Honeywell and IIT Bombay set up CoE to advance sustainability skills and innovation

Smart Glasses Face Recognition Raises Privacy Concerns

Smart Glasses Face Recognition Raises Privacy Concerns

Safe Harbour Reset : A 'game-changer moment' for India's IT Services Sector

Safe Harbour Reset : A 'game-changer moment' for India's IT Services Sector

FROM DIALOGUE TO DESTINY: INDIA REWRITES THE GLOBAL AI SCRIPT

FROM DIALOGUE TO DESTINY: INDIA REWRITES THE GLOBAL AI SCRIPT

dsf