Google has confirmed that it was a victim of a data breach related to the recent wave of Salesforce CRM data theft attacks attributed to the notorious ShinyHunters extortion group. The disclosure comes after Google issued warnings about a threat actor, identified as ‘UNC6040’, that targets employees of various companies with voice phishing attacks to infiltrate Salesforce instances and extract sensitive customer information.
In an update, Google said the breach occurred in June, when one of its corporate Salesforce instances was compromised, resulting in unauthorized access to customer data. Google responded with an immediate impact analysis followed by mitigation efforts to secure the affected data. The information accessed was primarily business-related, comprising basic details such as company names and contact information, which are largely publicly available.
ShinyHunters, a group with a long track record of cybercriminal activities, has been linked to numerous data breaches affecting high-profile companies including PowerSchool, Oracle Cloud, and AT&T. According to reports from BleepingComputer, ShinyHunters has been actively extorting various organizations, including confirmed attacks on companies like Adidas and Qantas, through ransom demands to prevent the public release of stolen data.
In a concerning development, ShinyHunters has claimed responsibility for breaching several Salesforce instances and is currently demanding ransoms to avoid leaking sensitive information. In a conversation with BleepingComputer, the group hinted that it had already extorted one company for 4 Bitcoins (approximately $400,000) to prevent the dissemination of that company's data. Though the group suggested it might leak data from a ‘trillion-dollar company,’ it remains uncertain whether this refers to Google.