Google Confirms A Data Breach

Uploaded on 2025-08-11 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Google has announced a significant data breach that has hit its corporate Salesforce database, and Google sent email notifications to the affected users on August 8, 2025.

Earlier Google had said that one of its corporate Salesforce instances was compromised in June 2025 by the notorious cyber criminal group known as ShinyHunters, officially tracked as UNC6040 by the Google Threat Intelligence Group.

“We believe threat actors using the 'ShinyHunters' brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS). 

“These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches. We continue to monitor this actor and will provide updates as appropriate,” said Google.

Google Threat Intelligence Group has said that the attacks targeted English-speaking employees working for Salesforce clients and used voice phishing to trick the employee into connecting a modified version of Salesforce's Data Loader application. 

The English-speaking employees received phone calls from someone claiming to be IT support personnel, telling the targeted employee to accept a connection to the client application known as Salesforce Data Loader. 

The breach exposed contact information and related notes for small and medium businesses stored in Google’s customer relationship management system.

Google says the exposed information includes business names, phone numbers, and "related notes" for a Google sales agent to contact them again.

The cyber attack was staged through sophisticated voice phishing techniques, where threat actors impersonated IT support personnel to deceive Google employees into granting system access.

This social engineering approach has become increasingly prevalent, with attackers manipulating human trust rather than exploiting technical vulnerabilities in the Salesforce platform itself.

According to Google’s analysis, the attackers gained access through a malicious version of Salesforce’s Data Loader application. During fraudulent phone calls, victims were guided to authorize what appeared to be a legitimate connected app, inadvertently granting the cyber criminals extensive capabilities to access and extract sensitive data.

Google has described the stolen information as “basic and largely publicly available business information, such as business names and contact details”. 

However, security researchers report that ShinyHunters claimed to have obtained approximately 2.55 million data records from the breach.

Google emphasised that the breach was contained within “a small window of time before the access was cut off”. 

Google Immediately:

  • Terminated the attackers’ access upon discovery
  • Conducted a comprehensive impact analysis
  • Implemented additional security mitigations
  • Began notifying affected customers

Notification began in early August, with Google completing email alerts to all affected users by August 8, 2025. The company assured users that payment information remained secure and that there was no impact on Google Ads data, Merchant Center, Google Analytics, or other advertising products.

This attack is part of a broader campaign by ShinyHunters, also known as Scattered Spider, a cyber criminal collective that has targeted numerous high-profile organisations throughout 2025. The group has been linked to breaches at major companies including Cisco, Qantas, LVMH brands (Louis Vuitton, Dior, Tiffany & Co.) Adidas and Allianz Life.   

ShinyHunters typically employs a delayed extortion model, waiting months after the initial data theft to demand ransom payments. The group has been observed demanding payments in Bitcoin within 72-hour ultimatums, often claiming affiliation with other notorious hacking collectives to increase pressure on victims.

According to reports, ShinyHunters demanded 20 Bitcoins (approximately $2.3 million) from Google, though the threat actor later claimed this was sent “for the lulz” (apparent amusement), rather than as a serious extortion attempt.

Google     |     Cybersecurity News     |     Forbes     |     Bleeping Computer  |  Phone Arena     |     Computing

You Might Also Read:

Scattered Spider Attacks - Four Arrested:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« GPT-5 Model Boosts ChatGPT To PhD Level
Finance Sectors Sufferer Increasing Hybrid Cyber Threats »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Corero Network Security

Corero Network Security

Corero Network Security is dedicated to improving the security of the Internet through the deployment of its innovative DDoS & Network Security Solutions.

American International Group (AIG)

American International Group (AIG)

AIG, is an American multinational insurance corporation. Commercial services include cyber risk insurance.

TraceSecurity

TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions.

CUIng.org

CUIng.org

The CUIng initiative was launched to tackle the problem of criminal exploitation of information hiding techniques.

Guy Carpenter

Guy Carpenter

Guy Carpenter delivers a powerful combination of broking expertise, strategic advisory services, and industry-leading analytics.

NXO France

NXO France

NXO is an independent leader in the integration and management of digital workflows with services covering digital infrastructures, communications & collaboration, and security.

HudsonCyber

HudsonCyber

HudsonCyber, part of HudsonAnalytix, provides leading cyber risk management services for the global maritime transportation industry.

GreenWorld Technologies

GreenWorld Technologies

GreenWorld has a proven track record in industry leading IT asset management, secure data destruction and remarketing.

BDO Global

BDO Global

BDO is an international network of public accounting, tax and advisory firms which perform professional services under the name of BDO.

Cyber Security Authority (CSA) - Ghana

Cyber Security Authority (CSA) - Ghana

The Cyber Security Authority has been established to regulate cybersecurity activities in Ghana.

Venari Security

Venari Security

Venari is an award-winning cybersecurity SaaS provider that has developed an ETA (Encrypted Traffic Analysis) platform which fundamentally changes the way encrypted traffic is analysed.

Lavabit

Lavabit

Lavabit's Dark Internet Mail Environment is a secure, open-source, secure end-to-end communications platform for asynchronous messaging across the internet.

ELLIO Technology

ELLIO Technology

ELLIO Technology is a cybersecurity company that reduces alert overload, improves incident response, and helps security teams target serious attackers who pose a real threat.

Amyna Systems

Amyna Systems

Amyna has developed an IoT cybersecurity platform that prevents malignant attacks, helping users to protect themselves from cyberattacks.

StackGen

StackGen

StackGen (formerly appCD) automatically generates Infrastructure from Code (IfC) based on application code with golden standards applied.

Quantum Dice

Quantum Dice

Quantum Dice is an award-winning venture-backed spinout from Oxford University’s world-renowned quantum optics laboratory.