Security · 2h ago
Microsoft Reveals Year-Long Salesforce Data Theft via OAuth Abuse
Attackers linked to ShinyHunters spent a year stealing data from Salesforce environments by abusing OAuth connections, not exploiting platform flaws. Microsoft's investigation found the attackers leveraged trusted third-party integrations to access corporate data. The campaign highlights risks in OAuth trust models, not Salesforce vulnerabilities.
Meridian48 take
The story underscores that even robust platforms can be compromised through trusted integrations, shifting the security burden to OAuth management.
Read the full reporting
Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths →
The Hacker News
salesforce-breachoauth-abuse