Google has confirmed that hackers have breached one of its Salesforce databases, gaining access to customer data belonging to small and medium-sized businesses. The tech giant disclosed the incident in a blog post released late Tuesday through its Threat Intelligence Group.
What Happened?
According to the official statement, the attackers — a well-known hacking group called ShinyHunters (formally identified as UNC6040) — managed to infiltrate a Salesforce system used by Google to store business contact information and internal notes. The breach exposed data like business names, email addresses, and other publicly available contact details.
Google emphasized that the stolen information was limited and did not include sensitive or confidential data such as passwords, payment details, or customer credentials. However, even limited business contact data can be misused, especially in phishing campaigns or spam operations.
Who Are the ShinyHunters?
ShinyHunters is a notorious cybercriminal group known for breaching cloud-based systems of major companies. In the past, they’ve been linked to data theft incidents at large organizations like Cisco, Qantas, and Pandora.
Their typical method? Voice phishing — a technique where attackers impersonate company officials or IT staff in phone calls to trick employees into giving away sensitive access credentials. Once inside, they quietly extract valuable data from company systems.
What Is Google Saying?
While Google confirmed the breach and identified the group behind it, the company has not shared how many customers are affected, nor did it comment on whether any ransom demands have been made. Google spokesperson Mark Karayan declined to provide further details beyond the blog post.
Interestingly, Google also warned that ShinyHunters may be preparing to launch a data leak site — a common tactic used by ransomware groups to publish stolen data and pressure companies into paying to keep it private.
The group is also said to have links with another criminal entity known as The Com, which uses more aggressive extortion tactics including threats of violence.
Why This Matters
This incident highlights a troubling trend — cloud platforms being targeted through social engineering tactics, like phishing calls, rather than direct technical exploits. As more companies rely on third-party platforms like Salesforce for storing customer data, security hygiene and employee awareness become even more crucial.
It also underscores the importance of multi-layered cybersecurity strategies, including employee training, multi-factor authentication, and regular access audits.
Final Thoughts
Although this breach may not involve highly sensitive personal data, it reflects how attackers are growing more strategic — targeting business ecosystems where even basic data can be leveraged for scams, social engineering, or reputational damage.
For businesses using Salesforce or similar cloud platforms, it’s a wake-up call to tighten internal security policies and stay alert to phishing attempts, no matter how harmless they may initially seem.
