Salesforce Issues Experience Cloud Security Warning
Salesforce issued a security alert on March 9, 2026, warning customers about ongoing attacks targeting misconfigured Experience Cloud platforms. The company confirmed that hackers are exploiting configuration weaknesses that grant guest users excessive data access permissions.
The ShinyHunters extortion group has claimed responsibility for actively exploiting what they describe as a new vulnerability to steal data from Salesforce instances. Security researchers are investigating these claims while Salesforce works to contain the exposure.
Experience Cloud Customers at Risk
Organizations using Salesforce Experience Cloud with guest user access are potentially affected. The misconfiguration allows unauthorized users to access customer records, contact information, and other sensitive data stored within Salesforce instances.
Companies that haven't properly configured guest user permissions face the highest risk. Salesforce hasn't disclosed the exact number of affected customers or instances.
Immediate Configuration Review Required
Salesforce is urging customers to immediately review their Experience Cloud guest user permissions and access controls. The company recommends auditing all guest user profiles to ensure they only have access to intended data.
Organizations should verify that guest users can't access sensitive customer records or internal data through misconfigured sharing rules. Salesforce is working with affected customers to implement proper security configurations and prevent further unauthorized access.
