Salesforce has issued a critical security notification after receiving an extortion demand from the threat actor group ShinyHunters, linked to ongoing social engineering threats previously disclosed by the company. The group has also threatened to target third-party applications integrated with Salesforce systems.
Reaffirming its commitment to customer trust and data protection, Salesforce stated that any application—developed or distributed by affected third parties—found to be compromised may be temporarily disabled as a precautionary measure. This action would apply to all related apps and integrations until security validation is complete.
The company clarified that the term “applications” includes all software and integrations connected to Salesforce, emphasizing that no features or services from compromised apps will remain active during the investigation.
Salesforce continues to work closely with its security partners and affected developers to assess potential impact and reinforce its security perimeter. Customers are advised to monitor communications from Salesforce and review app permissions to ensure compliance with updated security protocols.
