Google Confirms A Data Breach

Uploaded on 2025-08-11 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Google has announced a significant data breach that has hit its corporate Salesforce database, and Google sent email notifications to the affected users on August 8, 2025.

Earlier Google had said that one of its corporate Salesforce instances was compromised in June 2025 by the notorious cyber criminal group known as ShinyHunters, officially tracked as UNC6040 by the Google Threat Intelligence Group.

“We believe threat actors using the 'ShinyHunters' brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS). 

“These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches. We continue to monitor this actor and will provide updates as appropriate,” said Google.

Google Threat Intelligence Group has said that the attacks targeted English-speaking employees working for Salesforce clients and used voice phishing to trick the employee into connecting a modified version of Salesforce's Data Loader application. 

The English-speaking employees received phone calls from someone claiming to be IT support personnel, telling the targeted employee to accept a connection to the client application known as Salesforce Data Loader. 

The breach exposed contact information and related notes for small and medium businesses stored in Google’s customer relationship management system.

Google says the exposed information includes business names, phone numbers, and "related notes" for a Google sales agent to contact them again.

The cyber attack was staged through sophisticated voice phishing techniques, where threat actors impersonated IT support personnel to deceive Google employees into granting system access.

This social engineering approach has become increasingly prevalent, with attackers manipulating human trust rather than exploiting technical vulnerabilities in the Salesforce platform itself.

According to Google’s analysis, the attackers gained access through a malicious version of Salesforce’s Data Loader application. During fraudulent phone calls, victims were guided to authorize what appeared to be a legitimate connected app, inadvertently granting the cyber criminals extensive capabilities to access and extract sensitive data.

Google has described the stolen information as “basic and largely publicly available business information, such as business names and contact details”. 

However, security researchers report that ShinyHunters claimed to have obtained approximately 2.55 million data records from the breach.

Google emphasised that the breach was contained within “a small window of time before the access was cut off”. 

Google Immediately:

  • Terminated the attackers’ access upon discovery
  • Conducted a comprehensive impact analysis
  • Implemented additional security mitigations
  • Began notifying affected customers

Notification began in early August, with Google completing email alerts to all affected users by August 8, 2025. The company assured users that payment information remained secure and that there was no impact on Google Ads data, Merchant Center, Google Analytics, or other advertising products.

This attack is part of a broader campaign by ShinyHunters, also known as Scattered Spider, a cyber criminal collective that has targeted numerous high-profile organisations throughout 2025. The group has been linked to breaches at major companies including Cisco, Qantas, LVMH brands (Louis Vuitton, Dior, Tiffany & Co.) Adidas and Allianz Life.   

ShinyHunters typically employs a delayed extortion model, waiting months after the initial data theft to demand ransom payments. The group has been observed demanding payments in Bitcoin within 72-hour ultimatums, often claiming affiliation with other notorious hacking collectives to increase pressure on victims.

According to reports, ShinyHunters demanded 20 Bitcoins (approximately $2.3 million) from Google, though the threat actor later claimed this was sent “for the lulz” (apparent amusement), rather than as a serious extortion attempt.

Google     |     Cybersecurity News     |     Forbes     |     Bleeping Computer  |  Phone Arena     |     Computing

You Might Also Read:

Scattered Spider Attacks - Four Arrested:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« GPT-5 Model Boosts ChatGPT To PhD Level
Finance Sectors Sufferer Increasing Hybrid Cyber Threats »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

International School of IT Security (ISITS)

International School of IT Security (ISITS)

The International School of IT Security (ISITS) is a leading provider of professional training in the field of IT Security.

CompliancePoint

CompliancePoint

We design and implement strategies, processes & procedures to mitigate risk, reach compliance goals, protect data assets, and meet industry standards.

Applied Risk

Applied Risk

Applied Risk is an established leader in Industrial Control Systems security, focused on critical infrastructure security and combating security breaches that pose a significant threat.

CyberSwarm

CyberSwarm

CyberSwarm is developing a neuromorphic System-on-a-Chip dedicated to cybersecurity which helps organizations secure communication between connected devices and protect critical business assets.

CYBAVO

CYBAVO

CYBAVO is a cryptocurrency security company founded by experts from the cryptocurrency and security industries.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

TrustMAPP

TrustMAPP

TrustMAPP automates cybersecurity & privacy assessments, with universal workflow, allowing teams to generate analytics and recommendations to align priorities for improvement.

Stairwell

Stairwell

Stairwell is building a new approach to cybersecurity around a vision that all security teams should be able to determine what’s good, what’s bad, and why.

Enginsight

Enginsight

Enginsight provides a comprehensive solution for monitoring and securing your servers and clients.

Deutsche Gesellschaft für Cybersicherheit (DGC)

Deutsche Gesellschaft für Cybersicherheit (DGC)

As a leading provider of cyber security, DGC supports companies in taking advantage of the opportunities offered by the digital transformation – and in minimizing the associated risks.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

Evolver

Evolver

Evolver delivers technology services and solutions that improve security, promote innovation, and maximize operational efficiency in support of government and commercial customers.

Aegis9

Aegis9

Aegis9 is an Australian owned and sovereign consultancy that specialises in providing tailored security solutions for both public and private sector clients based on their specific needs.

National Cyber Force (NCF) - UK

National Cyber Force (NCF) - UK

The National Cyber Force (NCF) is a partnership between defence and intelligence.

InstaSecure

InstaSecure

InstaSecure’s Preventive Cloud Controls accelerate alert remediation and strengthen cloud configurations. Set your controls once and prevent current and future risks.

Bumi Optimus

Bumi Optimus

Bumi Optimus aims to be in the forefront of the digital industry with technologies such as AI, Data Science, Mixed Reality, Blockchain, Cybersecurity and Cloud Computing.