Google Says Hackers Stole Customers' Data in Breach of Its Salesforce Database

Google has confirmed that a group of hackers, known as ShinyHunters or UNC6040, stole the personal data of some customers from its Salesforce database. The breach occurred in a recent incident where the cybercriminals gained unauthorized access to the company's cloud-based contact information system.

The data retrieved by the threat actor includes basic and largely publicly available business information such as business names and contact details. According to Google, this data was not considered sensitive or confidential. However, the breach highlights the growing threat of cyber attacks on large corporations and their cloud-based databases.

ShinyHunters: A Group with a History of Targeting Big Companies

ShinyHunters is a known group that has targeted numerous big companies and their cloud-based databases. The group relies on voice phishing techniques to trick company employees into granting them access to their cloud-based Salesforce databases.

The group's modus operandi involves using these tactics to gain access to the databases, and then selling or publishing the stolen data on a leak site. According to Google, the ShinyHunters group is likely preparing a data leak site, which some ransomware gangs use to publish stolen data in an attempt to extort their corporate victims into paying a ransom.

A Growing Concern: Breaches Targeting Salesforce Cloud Systems

This breach is not an isolated incident. There have been recent breaches of customer data from other companies that used Salesforce cloud systems, including Cisco and airline giant Qantas, retail giant Pandora, among others.

These incidents highlight the growing concern about cyber attacks on large corporations and their cloud-based databases. It's essential for companies to take proactive measures to protect themselves against such threats and to ensure the security of their customers' data.

What You Need to Know

If you are a customer of Google who has been affected by this breach, it is unclear whether you have received any communication from the company or if there have been any ransom demands.

Google spokesperson Mark Karayan declined to provide further information on the number of customers affected. The company's blog post stated that only basic and largely publicly available business information was compromised in the breach.

It's essential to note that ShinyHunters is a known group with a history of targeting big companies, and their tactics are often used by other groups as well.

Get in Touch

Are you affected by this breach? Have you been notified by Google? If so, please contact me securely via encrypted message at zackwhittaker.1337 on Signal. I am the security editor at TechCrunch and can provide more information about this incident.