Salesforce issued a security advisory for Experience Cloud customers after the ShinyHunters extortion gang claimed to be actively exploiting a bug to steal data.
The company clarified that the issue is not a platform vulnerability. Instead, the risk stems from customer-configured guest user settings that grant excessive permissions.
Hackers allege they are using a new method to bypass record query limits and have been exploiting the flaw discreetly. Salesforce confirmed that a modified version of an open-source auditing tool was used for mass scanning of public-facing Experience Cloud sites.
Administrators must audit these guest user permissions immediately. Salesforce recommends specific mitigation actions, such as disabling guest access to public APIs.