EST A.I CyberSecurity Scoring
EST
Company Information
Website:http://www.enterprisesecuritytech.com
Employees number:2
Number of followers:2,913
NAICS:51913
Industry Type:Internet Publishing
Homepage:enterprisesecuritytech.com
EST Risk Score (AI oriented)
Between 650 and 699
ESTInternet Publishing
Updated:
09/03/2026
09/03/2026
698/1000
Weak
B
EST Global Score (TPRM)
xxxx
ESTInternet Publishing
Score locked

ESTWeak
Current Score
698B (WEAK)
01000
1 incidents
-58 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
703
JUNE 2026
702
MAY 2026
701
APRIL 2026
700
MARCH 2026
698
FEBRUARY 2026
698
JANUARY 2026
697
DECEMBER 2025
696
NOVEMBER 2025
695
OCTOBER 2025
694
SEPTEMBER 2025
750
Breach
01 Sep 2025 • EST
Salesforce and ShinyHunters: ShinyHunters claims ongoing Salesforce Aura data theft attacks
Salesforce Customers Targeted in Data Theft Campaign via Misconfigured Experience Cloud Sites
692
CRITICAL-58
ENTSAL1773088371
Salesforce Customers Targeted in Data Theft Campaign via Misconfigured Experience Cloud Sites
Salesforce has issued a warning about hackers exploiting misconfigured Experience Cloud platforms, which inadvertently grant guest users excessive data access. The ShinyHunters extortion gang claims responsibility, alleging they’ve compromised 300–400 organizations, including around 100 high-profile cybersecurity firms, since September 2025.
Attackers are targeting the /s/sfsites/aura API endpoint, leveraging a modified version of AuraInspector an open-source auditing tool developed by Mandiant to scan for misconfigured instances. Salesforce emphasizes that the issue stems from customer-configured guest user permissions, not a platform vulnerability, and advises organizations to audit and restrict guest access to the principle of least privilege.
Key mitigation steps include:
- Disabling guest access to public APIs and removing the API Enabled setting from guest profiles.
- Setting org-wide defaults to Private for external access.
- Disabling Portal User Visibility and Site User Visibility to prevent user enumeration.
- Reviewing Aura Event Monitoring logs for suspicious activity.
ShinyHunters claims to have bypassed Salesforce’s 2,000-record query limit using a sortBy parameter trick, though Salesforce reportedly patched this over the weekend. The group also alleges discovering a new method to extract data from properly configured instances, though this remains unconfirmed. Their custom tool, "RapeForceV2.01.39," mimics the naming convention of their previous "RapeFlake" tool used in Snowflake attacks.
Salesforce maintains that no platform vulnerability exists, but Mandiant confirms attackers are misusing AuraInspector for reconnaissance. The company recommends designating a Security Contact for rapid notifications and monitoring for unusual access patterns. ShinyHunters suggests disabling Public Access as a potential defense, though this would convert sites into private portals.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
AUGUST 2025
750
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for EST ??
What was EST's A.I Rankiteo Cyber Score in June 2026 ??
What was EST's A.I Rankiteo Cyber Score in May 2026 ??
What was EST's A.I Rankiteo Cyber Score in April 2026 ??
What was EST's A.I Rankiteo Cyber Score in March 2026 ??
What was EST's A.I Rankiteo Cyber Score in February 2026 ??
What was EST's A.I Rankiteo Cyber Score in January 2026 ??
What was EST's A.I Rankiteo Cyber Score in December 2025 ??
What was EST's A.I Rankiteo Cyber Score in November 2025 ??
What was EST's A.I Rankiteo Cyber Score in October 2025 ??
What was EST's A.I Rankiteo Cyber Score in September 2025 ??
What was EST's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on EST's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with EST ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view EST's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?