
Salesforce Aura Data Theft
From State of Cybercrime by Varonis, Matt Radolec, David Gibson
March 20, 2026 · 30 min · Season 3 · Episode 34
About this episode
The episode discusses the recent Salesforce data theft by ShinyHunters and explores AI security risks and LLM platform dynamics.
ShinyHunters has once again placed Salesforce customers in their crosshairs – this time abusing guest user misconfigurations in public-facing Experience Cloud sites. The group claims to have compromised 400 organizations by pairing these overly-permissive settings with a modified version of the AuraInspector auditing tool to query Salesforce CRM objects without authentication. Join Matt and David for the latest episode of State of Cybercrime as they break down how this campaign fits squarely into the ShinyHunters playbook. They will also explore emerging AI security risks and examine the shifting momentum in the race to define the dominant LLM platform.
People in this episode
Hosts: Matt Radolec, David Gibson
Topics covered
- data theft
- cybersecurity
- AI security risks
- Salesforce
- ShinyHunters
- LLM platforms
Keywords
- Salesforce
- data theft
- ShinyHunters
- AuraInspector
- AI security
- Experience Cloud
- cybercrime
Mentioned in this episode
Organizations: Salesforce, ShinyHunters, Experience Cloud, Salesforce CRM
Products: AuraInspector
More episodes of State of Cybercrime
- The Canvas Breach · May 19, 2026 · 30 min
- The Axios Supply Chain Attack · April 10, 2026 · 43 min
- OpenClaw & Moltbook (w/ Moriah Hara!) · February 14, 2026 · 43 min
- The React2Shell Crisis · December 15, 2025 · 23 min
- AI-Powered Espionage · November 24, 2025 · 24 min
- Black Hat Cartels · October 31, 2025 · 23 min
Explore listener stats, chart rankings, contacts and more on the State of Cybercrime podcast page.