ShinyHunters Breaches Reveal Shift to Credential-Based Cyberattacks
Summary
This article analyzes the evolving tactics of the ShinyHunters threat group, highlighting a shift from traditional exploit-based attacks to credential-driven access methods. It details breaches at major organizations including University of Nottingham, DentaQuest, 7-Eleven, Medtronic, and Wynn Resorts, linked to compromised Salesforce environments, Snowflake customers, and Okta identity platforms. Key attack vectors include stolen credentials, OAuth token abuse, MFA fatigue via vishing, social engineering, and misconfigured guest access in cloud platforms like Salesforce Experience Cloud.
Source
Key quotes
· 3 pulledThe playbook has shifted from exploiting unpatched systems or deploying malware to logging in.
Repeated tactics include infostealer-harvested credentials, MFA fatigue via vishing, compromised SaaS integrations, OAuth token abuse, excessive cloud permissions, misconfigured identity and guest access, third-party trust exploitation, and help desk impersonation.
In a Salesforce Experience Cloud campaign, overly permissive guest-user configurations enabled CRM data extraction from public-facing portals, attributed to identity and access misconfiguration rather than a platform vulnerability.
You might also wanna read
Google Confirms Data Breach in Salesforce CRM Theft Campaign by ShinyHunters
Google has become the latest victim of a data breach in a series of Salesforce CRM data theft attacks orchestrated by the ShinyHunters extor
ShinyHunters defaces school Canvas login pages after Instructure data breach
Education tech company Instructure disclosed a data breach where hackers stole student names, emails, and teacher-student messages. The cybe

Vercel Cloud Platform Hacked via Compromised Third-Party AI Tool
Vercel, a major cloud development platform, was hacked by the ShinyHunters group, who stole employee data including names, email addresses,
Checkout.com Responds to Cyber Extortion Attempt Targeting Legacy System
Checkout.com experienced a cyber extortion attempt by the criminal group 'ShinyHunters' who gained unauthorized access to a legacy third-par
checkout.com·7mo agoPornHub Premium Member Data Stolen in Mixpanel Breach, Extortion Attempt by ShinyHunters
PornHub is being extorted by the ShinyHunters gang after hackers stole Premium member search and watch history data through a breach at anal


Comments
Sign in to join the conversation.
No comments yet. Be the first.