Salesforce Aura Data Theft

Salesforce Aura Data Theft

From State of Cybercrime by Varonis, Matt Radolec, David Gibson

March 20, 2026 · 30 min · Season 3 · Episode 34

About this episode

The episode discusses the recent Salesforce data theft by ShinyHunters and explores AI security risks and LLM platform dynamics.

ShinyHunters has once again placed Salesforce customers in their crosshairs – this time abusing guest user misconfigurations in public-facing Experience Cloud sites. The group claims to have compromised 400 organizations by pairing these overly-permissive settings with a modified version of the AuraInspector auditing tool to query Salesforce CRM objects without authentication. Join Matt and David for the latest episode of State of Cybercrime as they break down how this campaign fits squarely into the ShinyHunters playbook. They will also explore emerging AI security risks and examine the shifting momentum in the race to define the dominant LLM platform.

People in this episode

Hosts: Matt Radolec, David Gibson

Topics covered

  • data theft
  • cybersecurity
  • AI security risks
  • Salesforce
  • ShinyHunters
  • LLM platforms

Keywords

  • Salesforce
  • data theft
  • ShinyHunters
  • AuraInspector
  • AI security
  • Experience Cloud
  • cybercrime

Mentioned in this episode

Organizations: Salesforce, ShinyHunters, Experience Cloud, Salesforce CRM

Products: AuraInspector

More episodes of State of Cybercrime

Explore listener stats, chart rankings, contacts and more on the State of Cybercrime podcast page.