Tech large Google has formally acknowledged a major knowledge breach affecting its company Salesforce database, with the corporate finishing e-mail notifications to affected customers as of August 8, 2025.
Google revealed on August 5 that one in every of its company Salesforce situations was compromised in June 2025 by the infamous cybercriminal group referred to as ShinyHunters, formally tracked as UNC6040 by the Google Menace Intelligence Group.
The breach uncovered contact data and associated notes for small and medium companies saved in Google’s buyer relationship administration system.
The cyberattack was orchestrated via refined voice phishing (vishing) methods, the place risk actors impersonated IT help personnel to deceive Google workers into granting system entry.
This social engineering method has turn out to be more and more prevalent, with attackers manipulating human belief reasonably than exploiting technical vulnerabilities within the Salesforce platform itself.
Based on Google’s evaluation, the attackers gained entry via a malicious model of Salesforce’s Information Loader software. Throughout fraudulent telephone calls, victims had been guided to authorize what seemed to be a reputable linked app, inadvertently granting the cybercriminals in depth capabilities to entry and extract delicate knowledge.
Google described the stolen data as “fundamental and largely publicly obtainable enterprise data, akin to enterprise names and speak to particulars”. Nevertheless, safety researchers report that ShinyHunters claimed to have obtained roughly 2.55 million knowledge information from the breach.
Google emphasised that the breach was contained inside “a small window of time earlier than the entry was lower off”. The corporate instantly:
Terminated the attackers’ entry upon discovery
Performed a complete affect evaluation
Applied extra safety mitigations
Started notifying affected clients
The notification course of started in early August, with Google finishing e-mail alerts to all affected customers by August 8, 2025. The corporate assured customers that cost data remained safe and that there was no affect on Google Advertisements knowledge, Service provider Heart, Google Analytics, or different promoting merchandise.
This assault is a part of a broader marketing campaign by ShinyHunters, a cybercriminal collective that has focused quite a few high-profile organizations all through 2025. The group has been linked to breaches at main corporations together with Cisco, Qantas, LVMH manufacturers (Louis Vuitton, Dior, Tiffany & Co.), Adidas, and Allianz Life.
ShinyHunters sometimes employs a delayed extortion mannequin, ready months after the preliminary knowledge theft to demand ransom funds. The group has been noticed demanding funds in Bitcoin inside 72-hour ultimatums, usually claiming affiliation with different infamous hacking collectives to extend stress on victims.
Based on stories, ShinyHunters demanded 20 Bitcoins (roughly $2.3 million) from Google, although the risk actor later claimed this was despatched “for the lulz” reasonably than as a critical extortion try.
Equip your SOC with full entry to the newest risk knowledge from ANY.RUN TI Lookup that may Enhance incident response -> Get 14-day Free Trial
