Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Enterprise Security Tech

Enterprise Security Tech Vendor Cyber Rating & Cyber Score

enterprisesecuritytech.com

Enterprise Security Tech is a cybersecurity blog for CISOs, CIOs, and security-minded CEOs that brings together critical news, expert insights, and product information to help leaders make informed business decisions. Subscribe and get plugged in to cyber. The Cyber Jack Podcast is an in-depth take on critical cyber issues, featuring top experts from around the industry. The podcast covers the latest in nation-state threats, security challenges, cyber culture, and diversity, equality and inclusion.


EST A.I CyberSecurity Scoring

EST
Company Information
Website:http://www.enterprisesecuritytech.com
Employees number:2
Number of followers:2,913
NAICS:51913
Industry Type:Internet Publishing
Homepage:enterprisesecuritytech.com
EST Risk Score (AI oriented)
Between 650 and 699
logo
ESTInternet Publishing
Updated:
09/03/2026
698/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
EST Global Score (TPRM)
xxxx
logo
ESTInternet Publishing
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

EST
ESTWeak
Current Score
698B (WEAK)
01000
1 incidents
-58 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
703Before Incident
JUNE 2026
702Before Incident
MAY 2026
701Before Incident
APRIL 2026
700Before Incident
MARCH 2026
698Before Incident
FEBRUARY 2026
698Before Incident
JANUARY 2026
697Before Incident
DECEMBER 2025
696Before Incident
NOVEMBER 2025
695Before Incident
OCTOBER 2025
694Before Incident
SEPTEMBER 2025
750Before Incident
Breach
01 Sep 2025EST
Salesforce and ShinyHunters: ShinyHunters claims ongoing Salesforce Aura data theft attacks

Salesforce Customers Targeted in Data Theft Campaign via Misconfigured Experience Cloud Sites

692After Incident
CRITICAL-58
ENTSAL1773088371
Salesforce Customers Targeted in Data Theft Campaign via Misconfigured Experience Cloud Sites Salesforce has issued a warning about hackers exploiting misconfigured Experience Cloud platforms, which inadvertently grant guest users excessive data access. The ShinyHunters extortion gang claims responsibility, alleging they’ve compromised 300–400 organizations, including around 100 high-profile cybersecurity firms, since September 2025. Attackers are targeting the /s/sfsites/aura API endpoint, leveraging a modified version of AuraInspector an open-source auditing tool developed by Mandiant to scan for misconfigured instances. Salesforce emphasizes that the issue stems from customer-configured guest user permissions, not a platform vulnerability, and advises organizations to audit and restrict guest access to the principle of least privilege. Key mitigation steps include: - Disabling guest access to public APIs and removing the API Enabled setting from guest profiles. - Setting org-wide defaults to Private for external access. - Disabling Portal User Visibility and Site User Visibility to prevent user enumeration. - Reviewing Aura Event Monitoring logs for suspicious activity. ShinyHunters claims to have bypassed Salesforce’s 2,000-record query limit using a sortBy parameter trick, though Salesforce reportedly patched this over the weekend. The group also alleges discovering a new method to extract data from properly configured instances, though this remains unconfirmed. Their custom tool, "RapeForceV2.01.39," mimics the naming convention of their previous "RapeFlake" tool used in Snowflake attacks. Salesforce maintains that no platform vulnerability exists, but Mandiant confirms attackers are misusing AuraInspector for reconnaissance. The company recommends designating a Security Contact for rapid notifications and monitoring for unusual access patterns. ShinyHunters suggests disabling Public Access as a potential defense, though this would convert sites into private portals.
INCIDENT DETAILS -
TYPE
Data Theft
MOTIVATION
Extortion, Data Theft
IMPACT
Data Compromised: YesSystems Affected: Salesforce Experience Cloud platformsBrand Reputation Impact: PotentialIdentity Theft Risk: Potential
DATA BREACH
Data Exfiltration: AllegedPersonally Identifiable Information: Potential
AUGUST 2025
750Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for EST ?
?
What was EST's A.I Rankiteo Cyber Score in June 2026 ?
?
What was EST's A.I Rankiteo Cyber Score in May 2026 ?
?
What was EST's A.I Rankiteo Cyber Score in April 2026 ?
?
What was EST's A.I Rankiteo Cyber Score in March 2026 ?
?
What was EST's A.I Rankiteo Cyber Score in February 2026 ?
?
What was EST's A.I Rankiteo Cyber Score in January 2026 ?
?
What was EST's A.I Rankiteo Cyber Score in December 2025 ?
?
What was EST's A.I Rankiteo Cyber Score in November 2025 ?
?
What was EST's A.I Rankiteo Cyber Score in October 2025 ?
?
What was EST's A.I Rankiteo Cyber Score in September 2025 ?
?
What was EST's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on EST's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with EST ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view EST's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?