Salesforce Security said in a blog post on March 7 that "customers' overly permissive" Salesforce Experience Cloud guest user settings are being used by hackers to steal sensitive data. Salesforce said that this problem has nothing to do with a flaw in its platform and that Salesforce is still safe. The blog post said, "Our investigation so far shows that this activity is connected to a guest user setting that the customer set up."
Over the past year or so, Salesforce instances have been the target of many different campaigns. The most well-known financially motivated threat groups, like ShinyHunters, used social engineering attacks to target Salesforce instances starting last summer.
Ford says, "In the last five to ten years, we've seen a lot of SaaS security startups that focus on permissions for human and NHI accounts, the scope of those permissions, and the age and use of those credentials." "Companies need to look over their integrations and account access patterns and make them more secure. They should also set IP integration limits where they can and use the most up-to-date reference patterns for authentication and authorization for their integrations."
