‘A single point of entry can quickly scale to larger business impacts’: Microsoft makes changes to address ShinyHunters



  • ShinyHunters abused Salesforce’s OAuth trust by tricking users and then compromising SaaS integrations, stealing tokens to access hundreds of customer environments.
  • Reports suggested up to 700 victims; The attackers extracted data through legitimate APIs, making the activity appear normal and persistent.
  • Microsoft responded with updates to Defender for Cloud Apps, adding richer telemetry, near real-time detection, and stronger governance over OAuth-connected apps.

The ShinyHunters cybercrime group was so creative in breaking into Salesforce’s corporate environments that they forced Microsoft’s hand, causing the company to introduce new security updates just to deal with the attacks.

Microsoft has revealed that it is focusing on improving visibility into OAuth-connected apps and strengthening the governance of third-party integrations in Microsoft Defender for Cloud Apps. The changes fall into two main categories: improved detection and investigation, and new posture and governance capabilities.

Leave a Comment

Your email address will not be published. Required fields are marked *