#6
The Hacker News
general
July 14, 2026 at 06:19 UTC
Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths
By [email protected] (The Hacker News)
AI Summary
Microsoft has mapped a year-long Salesforce data theft campaign by actors whose TTPs align with ShinyHunters, conducted entirely through abuse of OAuth trust relationships rather than Salesforce platform vulnerabilities. Attackers exploited OAuth connections between Salesforce and third-party integrations across three distinct attack paths, allowing persistent access to corporate data without triggering platform-level alerts. This highlights the risk of implicit trust granted to OAuth-connected third-party applications in enterprise SaaS environments.
Relevance score: 84.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →