ShinyHunters exploit hits Okta, Snowflake.

The ShinyHunters exploit led to data theft at Okta and Snowflake, highlighting the need for cloud configuration controls and third-party risk management.

ShinyHunters, a financially motivated black-hat hacking group, has been active since around 2019, gaining notoriety for data theft and extortion. They steal data, offer it for sale on cybercrime forums, and allow victims to pay to prevent public disclosure. The group's tactics evolved from targeting individual consumer platforms to compromising cloud infrastructure.

In 2024, they exploited stolen credentials and a lack of multi-factor authentication to access Snowflake customer instances. This highlighted that the weakest link is often not the platform itself but rather customer misconfigurations.

ShinyHunters has been linked to breaches at Okta, LastPass, AMD, Sony, and Salesforce. They've claimed to have stolen data from hundreds of organizations. They also use social engineering and AI-powered voice phishing to gain unauthorized access to SSO platforms.

Salesforce issued a warning about an ongoing campaign targeting customers using misconfigured Experience Cloud platforms. ShinyHunters is using a modified version of the AuraInspector tool to scan for vulnerabilities and extract data. The attacks exploit overly permissive guest user settings, allowing direct queries of Salesforce CRM objects without login.
