400 Salesforce companies hacked. Do this to protect yourself.
Jordan Nelson
April 23, 2026

Read Time: 1.5 Minutes

400 Salesforce orgs got breached over the last month.

Not a hack.

Not a zero-day.

Just a setting someone forgot to check.

ShinyHunters ran a mass scan of Experience Cloud sites and found 300 to 400 orgs with the same misconfiguration.

FINRA issued a cybersecurity alert about it this week.

Here's the part every RevOps leader needs to hear:

👉 This is NOT a Salesforce platform vulnerability.

It's a guest user config mistake.

Any org could have it right now. Yours included.

What actually happened

Salesforce Experience Cloud lets you spin up:

  • portals
  • partner portals
  • customer communities
  • help centers

Each one gets a "guest user" profile.

That profile controls what an unauthenticated visitor can see and do.

If it's too permissive, attackers can:

  • Read records
  • Query data
  • Pivot deeper

No credentials needed.

That's exactly what ShinyHunters exploited.

At scale.

Why this keeps happening

Guest user access gets set once...then forgotten.

Most orgs we audit have at least 1 overly permissive guest profile.

Usually from:

  • A portal built 2 years ago for a project that shipped once
  • A partner community nobody maintains
  • A "temporary" community site that never got turned off

Nothing looks broken. So nobody looks.

Until 400 companies get breached in a month.

3 things to check today

You don't need your security team for this.

1. Turn off API access for your guest users

2. Lock down external sharing on sensitive objects

3. Audit what your guest user profile can actually read

Each one takes minutes.

Together they close the door ShinyHunters walked through.
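The three checks above, sketched as an added example (not part of the original post or any Salesforce tooling). It reviews an offline export of guest-profile settings; the export shape, the sensitive and approved object lists, and every sample row are assumptions constructed for illustration.

```python
"""Offline review of a guest-user permission export (added example).

All rows are constructed sample data. Assumed export: one row per guest
profile (API flag), one row per object permission granted to a guest
profile, and the external org-wide default for each object.
"""

# Assumptions: adjust both sets to your own org.
SENSITIVE = {"Account", "Contact", "Lead", "Case", "Opportunity"}
APPROVED_PUBLIC = {"FAQ__c"}  # objects guests are meant to read

GUEST_PROFILES = [  # constructed
    {"Name": "Help Center Profile", "PermissionsApiEnabled": True},
    {"Name": "Partner Portal Profile", "PermissionsApiEnabled": False},
]
OBJECT_PERMS = [  # constructed; FAQ__c and Survey__c are hypothetical objects
    {"Profile": "Help Center Profile", "SobjectType": "FAQ__c", "PermissionsRead": True},
    {"Profile": "Help Center Profile", "SobjectType": "Case", "PermissionsRead": True},
    {"Profile": "Help Center Profile", "SobjectType": "Survey__c", "PermissionsRead": True},
    {"Profile": "Partner Portal Profile", "SobjectType": "Contact", "PermissionsRead": True},
]
EXTERNAL_OWD = {  # constructed; object -> external sharing default
    "Account": "Private", "Contact": "ControlledByParent",
    "Case": "Read", "FAQ__c": "Read",
}


def audit(profiles, perms, external_owd,
          sensitive=SENSITIVE, approved=APPROVED_PUBLIC):
    """Return (check, subject, object, issue) tuples for the three checks."""
    findings = []
    for p in profiles:  # check 1: API access on guest profiles
        if p.get("PermissionsApiEnabled"):
            findings.append((1, p["Name"], None, "API access enabled"))
    # check 2: external sharing on sensitive objects
    # (ControlledByParent inherits, so review the parent object too)
    for obj, model in sorted(external_owd.items()):
        if obj in sensitive and model not in ("Private", "ControlledByParent"):
            findings.append((2, "org-wide default", obj, f"external access is {model}"))
    for r in perms:  # check 3: default-deny review of what guests can read
        obj = r["SobjectType"]
        if not r.get("PermissionsRead") or obj in approved:
            continue
        issue = ("sensitive object readable" if obj in sensitive
                 else "readable, not on approved list")
        findings.append((3, r["Profile"], obj, issue))
    return findings


if __name__ == "__main__":
    for check, who, obj, issue in audit(GUEST_PROFILES, OBJECT_PERMS, EXTERNAL_OWD):
        print(f"[check {check}] {who} / {obj or '-'}: {issue}")
```

An empty result means none of the three conditions was found in the export, not that the org is safe; the export has to cover every guest profile, including those on sites nobody maintains.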

If you want the exact step-by-step audit checklist, I linked it below.

Experience Cloud Audit Checklist Guide

The big takeaway

Salesforce isn't the problem.

Config drift is.

The companies getting breached this month are not running old software or skipping patches.

They just never looked.

Your org is 15 minutes away from knowing if you're safe.

Go look.

Talk next Friday 👋

2 ways we can help this week:

We put together a full Experience Cloud guest user audit checklist here

Want us to run the audit on your org? Book a call here
