Google Confirms Data Breach via Compromised Salesforce Database Linked to ShinyHunters Group

Google has confirmed a recent data breach that exposed contact details of some of its small and medium-sized business customers. The breach stemmed from unauthorized access to one of its Salesforce databases, according to a statement published by Google’s Threat Intelligence Group.

The breach has been attributed to the threat actor group ShinyHunters, also tracked under the designation UNC6040. This group managed to infiltrate a Salesforce system used by Google to manage customer contact information and business-related notes.

According to Google, the compromised data was limited to publicly accessible or basic business information, including company names and contact details. While this data may not be highly sensitive, its exposure still poses reputational and security risks, especially when used in phishing or social engineering campaigns.

The company has not disclosed the exact number of affected customers. A spokesperson for Google declined to provide further details beyond what was included in the official blog post. It also remains unclear whether the attackers issued a ransom demand or attempted to contact Google after the breach.

ShinyHunters is known for targeting cloud-based environments of large enterprises. This incident follows a broader trend of attacks exploiting Salesforce cloud systems, with recent similar breaches impacting companies such as Cisco, Qantas, and Pandora.

Google notes that the attackers likely used vishing (voice phishing) tactics to manipulate internal personnel into granting them access to sensitive systems. This social engineering technique remains one of the most effective ways for threat actors to bypass technical defenses.

Furthermore, Google warns that the attackers may be preparing a data leak platform, a strategy commonly used by ransomware groups to pressure victims into paying extortion fees. ShinyHunters is reportedly associated with other known cybercriminal collectives, including “The Com,” a group notorious for using hacking, blackmail, and even threats of violence to achieve its objectives.

This breach highlights once again the critical importance of human-factor security, particularly in managing access to cloud platforms like Salesforce. Organizations are encouraged to conduct regular security awareness training, enforce multi-factor authentication, and monitor for signs of social engineering attempts to reduce the risk of similar intrusions.

Source: https://techcrunch.com/2025/08/06/google-says-hackers-stole-its-customers-data-in-a-breach-of-its-salesforce-database