The threat actor ShinyHunters has claimed responsibility for ongoing data theft attacks targeting Salesforce Experience Cloud platforms. The attacks exploit misconfigured guest user profiles, allowing unauthorized access to sensitive data via the /s/sfsites/aura API endpoint. While Salesforce states that the platform itself is secure and that the issue stems from customer misconfigurations, ShinyHunters claims to have compromised hundreds of companies, including some in the cybersecurity sector, by exploiting weaknesses in access control settings and API query limits.
Reconnaissance
Scanning for Vulnerable Salesforce Instances
ShinyHunters likely scanned the internet for Salesforce instances, specifically looking for the '/s/sfsites/' endpoint, in order to identify targets with misconfigured Experience Cloud platforms.
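Added example, not part of the original report: detection logic a defender can run over web access logs to surface scripted, unauthenticated use of the Aura endpoint and probes for the '/s/sfsites/' path described above. The log layout (combined format with a trailing cookie field), the sample IPs and the `sid=` session-cookie name are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample access-log lines (combined format plus a trailing cookie
# field); not real traffic. Guest requests carry no "sid=" session cookie, an
# authenticated portal user would. Paths mirror the endpoint named in the
# report; IPs, hostnames and the cookie field are assumptions for this example.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jun/2025:10:00:01 +0000] "POST /s/sfsites/aura?r=1 HTTP/1.1" 200 5120 "-" "python-requests/2.31" "-"
198.51.100.7 - - [01/Jun/2025:10:00:02 +0000] "POST /s/sfsites/aura?r=2 HTTP/1.1" 200 6200 "-" "python-requests/2.31" "-"
198.51.100.7 - - [01/Jun/2025:10:00:03 +0000] "POST /s/sfsites/aura?r=3 HTTP/1.1" 200 6100 "-" "python-requests/2.31" "-"
203.0.113.9 - - [01/Jun/2025:10:00:05 +0000] "POST /s/sfsites/aura?r=1 HTTP/1.1" 200 900 "https://portal.example/s/" "Mozilla/5.0" "sid=REDACTED"
203.0.113.9 - - [01/Jun/2025:10:00:09 +0000] "GET /s/ HTTP/1.1" 200 800 "-" "Mozilla/5.0" "sid=REDACTED"
192.0.2.44 - - [01/Jun/2025:10:01:00 +0000] "GET /s/sfsites/ HTTP/1.1" 404 300 "-" "curl/8.0" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)


def parse_line(line: str):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def unauthenticated_aura_hits(log_text: str, threshold: int = 3) -> dict:
    """Return {client_ip: hit_count} for clients that requested paths under
    /s/sfsites/ without a session cookie at least `threshold` times.

    A single guest page load on a public site legitimately touches the Aura
    endpoint, so the threshold is there to separate bulk, scripted record
    enumeration from ordinary anonymous browsing."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith("/s/sfsites/"):
            continue
        if "sid=" in rec["cookie"]:
            continue  # authenticated portal user; out of scope for guest abuse
        counts[rec["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in unauthenticated_aura_hits(SAMPLE_LOG).items():
        print(f"{ip}: {n} unauthenticated /s/sfsites/ requests")
```

Lowering the threshold to 1 also surfaces one-off probes for the bare '/s/sfsites/' path, the reconnaissance indicator named in the report, at the cost of more noise from ordinary guest visitors.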