ShinyHunters claims more high-profile victims in latest Salesforce customers data heist

ShinyHunters told The Register that it has stolen data from about 100 high-profile companies in its latest Salesforce customer data heist, including Salesforce itself.

"Have stolen data from almost 400 websites and about 100 essential high profile companies Snowflake, Okta, Lastpass, Salesforce itself, Sony, AMD, and a lot more," a ShinyHunters spokesperson told us, adding that the "recon and exploitation has been going on for several months now." 

This follows a Saturday warning from Salesforce that a "known threat actor group" is actively scanning for - and then breaking into and stealing data from - public-facing Experience Cloud sites using a modified version of a Mandiant-developed free scanning tool.

A Salesforce spokesperson declined to answer The Register's questions about the latest data-theft campaign, including how many customers are affected and if ShinyHunters is behind the illicit access. 

"This issue is not due to any vulnerability inherent to the Salesforce platform, but ...