400 Salesforce companies hacked. Do this to protect yourself.
Jordan Nelson
April 23, 2026

Read Time: 1.5 Minutes

400 Salesforce orgs got breached over the last month.

Not a hack.

Not a zero-day.

Just a setting someone forgot to check.

ShinyHunters ran a mass scan of Experience Cloud sites and found 300 to 400 orgs with the same misconfiguration.

FINRA issued a cybersecurity alert about it this week.

Here's the part every RevOps leader needs to hear:

👉 This is NOT a Salesforce platform vulnerability.

It's a guest user config mistake.

Any org could have it right now. Yours included.

What actually happened

Salesforce Experience Cloud lets you spin up:

  • portals
  • partner portals
  • customer communities
  • help centers

Each one gets a "guest user" profile.

That profile controls what an unauthenticated visitor can see and do.

If it's too permissive, attackers can:

  • read records
  • query data
  • pivot deeper

No credentials needed.

That's exactly what ShinyHunters exploited.

At scale.

Why this keeps happening

Guest user access gets set once...then forgotten.

Most orgs we audit have at least 1 overly permissive guest profile.

Usually from:

  • A portal built 2 years ago for a project that shipped once
  • A partner community nobody maintains
  • A "temporary" community site that never got turned off

Nothing looks broken. So nobody looks.

Until 400 companies get breached in a month.

3 things to check today

You don't need your security team for this.

1. Turn off API access for your guest users

2. Lock down external sharing on sensitive objects

3. Audit what your guest user profile can actually read

Each one takes minutes.

Together they close the door ShinyHunters walked through.
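
One way to run checks 1 and 3 against a guest user profile you have retrieved as Metadata API XML. This is an added example, not code from the original post or from Salesforce. The sample profile is constructed and the function name audit_guest_profile is hypothetical; external sharing (check 2) lives in sharing settings and is not covered here.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
OBJECT_FLAGS = ("allowRead", "allowCreate", "allowEdit", "allowDelete",
                "viewAllRecords", "modifyAllRecords")

# Constructed sample guest profile, not taken from any real org.
SAMPLE_PROFILE = """<Profile xmlns="http://soap.sforce.com/2006/04/metadata">
  <objectPermissions>
    <allowCreate>false</allowCreate>
    <allowRead>true</allowRead>
    <object>Contact</object>
    <viewAllRecords>true</viewAllRecords>
  </objectPermissions>
  <objectPermissions>
    <allowRead>false</allowRead>
    <object>Opportunity</object>
  </objectPermissions>
  <userPermissions>
    <enabled>true</enabled>
    <name>ApiEnabled</name>
  </userPermissions>
</Profile>"""

def _text(node, tag, default):
    # Read a namespaced child element's text, treating missing or empty as default.
    value = node.findtext(f"md:{tag}", default=default, namespaces=NS)
    return (value or default).strip()

def audit_guest_profile(xml_text):
    """Return findings: guest API access, then every object with a granted permission."""
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.findall("md:userPermissions", NS):
        if _text(perm, "name", "") == "ApiEnabled" and _text(perm, "enabled", "false") == "true":
            findings.append("API access enabled for guest user")
    for perm in root.findall("md:objectPermissions", NS):
        granted = [f for f in OBJECT_FLAGS if _text(perm, f, "false") == "true"]
        if granted:
            findings.append(f"{_text(perm, 'object', '?')}: {', '.join(granted)}")
    return findings

if __name__ == "__main__":
    for finding in audit_guest_profile(SAMPLE_PROFILE):
        print(finding)
```

An empty result means the profile grants no API access and no object permissions; anything listed is something an unauthenticated visitor can reach.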

If you want the exact step-by-step audit checklist, I linked it below.

Experience Cloud Audit Checklist Guide

The big takeaway

Salesforce isn't the problem.

Config drift is.

The companies getting breached this month

Are not running old software or skipping patches.

They just never looked.

Your org is 15 minutes away from knowing if you're safe.

Go look.

Talk next Friday 👋

2 ways we can help this week:

We put together a full Experience Cloud guest user audit checklist here

Want us to run the audit on your org? Book a call here
