“A single entry point can quickly scale and have a greater impact on the business”: Microsoft introduces changes to combat ShinyHunters


  • ShinyHunters abused OAuth trust in Salesforce by deceiving users and then compromising SaaS integrations, stealing tokens to access hundreds of customer environments.
  • Reports suggest up to 700 victims; attackers exfiltrated data through legitimate APIs, making activity appear normal and persistent
  • Microsoft responded with upgrades to Defender for Cloud Apps, adding richer telemetry, near real-time detection, and stronger governance over OAuth connected apps.

Cybercrime group ShinyHunters was so creative in breaking into companies’ Salesforce environments that it forced Microsoft’s hand, forcing the company to introduce new security upgrades just to deal with the attacks.

Microsoft revealed that it is focused on improving visibility of OAuth-connected applications and strengthening governance of third-party integrations in Microsoft Defender for Cloud Applications. The changes fall into two main categories: improved detection and investigation, and new posture and governance capabilities.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top