HackRead reports:
ShinyHunters, the notorious group of hackers, has issued a final warning to roughly 400 organizations, claiming to have successfully broken into their private records. The group is threatening to leak this sensitive information onto the internet unless their extortion demands are met. According to previous research firm Mandiant, the hackers are specifically targeting websites built using Salesforce Experience Cloud, a popular tool businesses use to create public portals and help centres.
The issue centers on how these websites are set up for public use. Salesforce provides a guest user profile so that random visitors can see basic information without needing to log in. However, if a company’s settings are too open, it essentially leaves a security gap. Investigation has revealed that the hackers used a modified version of a tool called Aura Inspector to scan the web and find these gaps.
Read more at HackRead.
