Google has confirmed it was hacked in June, with attackers stealing business contact information of small and medium-sized businesses from one of its Salesforce databases. The tech giant revealed the breach in an August 5 update to an earlier security advisory.
The attack was carried out by a hacking group known as ShinyHunters (also tracked as UNC6040), which has targeted multiple major companies in a wave of similar attacks. Google said the stolen information was “basic and largely publicly available business information, such as business names and contact details.”
Google’s Threat Intelligence Group reported that company staff quickly detected the breach and cut off access, limiting the data theft to “a small window of time.” The company has not revealed how many customers were affected or whether a ransom was demanded.
Security experts warn that even this “basic” data poses real risks. “The speed at which organisations are falling victim to cyber attacks targeting Salesforce instances is nothing short of alarming,” said Robin Brattel, CEO at Lab 1.
The hackers used a technique called voice phishing or “vishing” – making phone calls while pretending to be IT staff to trick employees into granting access to company systems. After gaining entry, the attackers used malicious connected apps or custom scripts to download customer data.
This breach is part of a larger campaign that has hit several major companies. Other victims reportedly include Adidas, Qantas airline, Allianz Life, Cisco, and luxury brands under LVMH like Louis Vuitton, Dior, and Tiffany & Co.
“It doesn’t matter if you are a small business or one of the world’s leading technology firms, all organizations are vulnerable,” said William Wright, CEO of Closed Door Security. Wright noted that many attacks likely remain unreported.
According to cybersecurity sources, one unnamed victim paid approximately $400,000 (4 Bitcoins) to prevent their data from being leaked. Google has warned that ShinyHunters may be preparing to launch a “data leak site” where stolen information would be published to pressure victims into paying ransoms.
Similar Posts
Jamie Akhtar, CEO of CyberSmart, added perspective: “If it can happen to one of the wealthiest and best-defended companies in the world, it can happen to anyone.” Akhtar emphasized that even the strongest technical defenses can’t protect against human error if staff are successfully tricked.
Google has been tight-lipped about specific details, with a spokesperson telling reporters that all available information was in their blog update. The company has not confirmed whether it received ransom demands or if it has notified affected customers.
Security experts recommend several protective measures for businesses of all sizes:
- Train staff to recognize voice phishing attempts
- Implement strict controls on connected apps in Salesforce
- Use multi-factor authentication
- Monitor for unusual data exports
- Consider credential-less authentication systems
Dray Agha from Huntress highlighted the supply chain risks of third-party platforms: “Even tech giants aren’t immune, highlighting that businesses must rigorously vet and continuously monitor all vendors with access to their data.”
While the breach is concerning, Akhtar offered some reassurance: “There’s no indication as yet that any of the data stolen is particularly sensitive or places customers in real peril.” He advised businesses to “be cautious but don’t panic.”
