Google Confirms Data Theft By ShinyHunters

Google confirmed that its Salesforce system experienced a breach in June when hackers used phone scams to steal customer contact information, and threatened to leak the data publicly.

In a rush? Here are the quick facts:

  • Only basic SMB contact details were accessed before shutdown.
  • ShinyHunters may launch public data leak site to pressure victims.
  • One unnamed company paid $400K ransom to avoid a leak.

Google has confirmed that it was among the latest victims of a widespread data breach targeting companies using Salesforce CRM systems. The attacks are part of a global extortion campaign linked to a hacking group known as ShinyHunters, which Google tracks under the codename UNC6040.

“In June, one of Google’s corporate Salesforce instances was impacted by similar UNC6040 activity described in this post. Google responded to the activity, performed an impact analysis and began mitigations,” the company said in an update.

The breach exposed contact information and related notes of small and medium-sized businesses, which Google described as “basic and largely publicly available business information, such as business names and contact details.” The data was accessed only briefly before Google shut down access.

The attackers used voice phishing (vishing) as a social engineering tactic, impersonating IT support staff to trick employees into granting access. They deceived victims into authorizing a fake version of Salesforce’s “Data Loader” application, which eventually allowed them to steal sensitive data.

In some cases, data was only partially exfiltrated before detection; in others, entire datasets were taken.

Google suspects ShinyHunters may now escalate the attacks by launching a public data leak site, putting even more pressure on victims. According to BleepingComputer, the group has conducted previous cyberattacks against major companies including Cisco, Adidas and Louis Vuitton.

BleepingComputer also notes that one company has already paid a ransom of 4 Bitcoins (around $400,000) to prevent data exposure.

The incident shows a troubling trend in which criminal groups use phone scams to target support staff. Salesforce has become a preferred system for these breaches. Google and cybersecurity experts predict additional attacks will occur throughout the upcoming months, so businesses need to remain vigilant.
