Excerpt from TechCrunch Article, Published on August 6, 2025
Google has confirmed that it suffered a data breach involving one of its corporate Salesforce database systems in June 2025. The breach was executed by a hacking group known as ShinyHunters, internally tracked by Google as the threat actor UNC6040. This group used sophisticated voice phishing (vishing) social engineering techniques to gain unauthorized access to Google’s Salesforce environment, which stored contact information and related notes for small and medium business customers.
According to Google’s Threat Intelligence Group, the attackers accessed basic and mostly publicly available business details such as company names and contact information. Importantly, the breach was detected and contained within a brief window, limiting further exposure. Google has not disclosed the exact number of affected customers or whether any ransom demands have been made, but it confirmed that ongoing monitoring and mitigations are in place.
ShinyHunters have been linked to multiple recent intrusions across high-profile companies including Cisco, Qantas, and luxury brands like Dior and Louis Vuitton. Their tactics involve not only stealing data but also pressuring victims through extortion attempts, with some victims paying large ransoms in bitcoin to prevent leaks. The group is reportedly preparing a data leak site to further coerce victims, escalating the risks from such attacks.
Google’s breach underscores the growing need for companies to secure cloud-based CRM systems against evolving social engineering threats. Experts recommend robust employee training on phishing, multi-factor authentication, and vigilant monitoring of cloud access activity to thwart similar attacks.




