Highlights a broader issue
Brian Soby, chief technology officer and co-founder of AppOmni, called the threat by the hackers to assist in legal action against Salesforce “unusual. To our knowledge, it is the first time an attacker has threatened to participate in or leverage existing litigation against the vendor of a compromised platform and its native security tools as part of an extortion campaign. While attackers often pressure customers of a breached product, using lawsuits to increase leverage on the vendor represents a novel escalation.,” he said.
However, he said, “at the same time, it’s important to note that ShinyHunters gained access through phishing and stolen customer user credentials, enabling compromise of customer Salesforce instances. Under the Shared Responsibility model, preventing and detecting such activity falls squarely within the customer’s domain. This makes the legal theories driving these lawsuits questionable at best.”
He added that these incidents highlight a broader issue, noting, “many SaaS customers have yet to adopt the tools and practices necessary to effectively meet their Shared Responsibility obligations. What is novel here is the attempt to frame alleged negligence not just against customers, but against the vendor and its native, first-party security tools.”
