Google has become the latest victim in a series of Salesforce CRM data theft attacks conducted by a notorious extortion group known as ShinyHunters.
BleepingComputer reports that in a recent update to an article warning about ongoing Salesforce data theft attacks, Google revealed that it too fell victim to a breach in June. The tech giant’s disclosure comes amidst a wave of similar incidents targeting various companies, all orchestrated by the ShinyHunters threat actor group.
According to Google, one of its corporate Salesforce instances was compromised in June, allowing the attackers to exfiltrate customer data during a brief window before access was cut off. The stolen data was reportedly limited to basic and largely public business information, such as company names and contact details.
Google has classified the threat actors behind these attacks as ‘UNC6040’ or ‘UNC6240.’ However, BleepingComputer, which has been closely monitoring the situation, has confirmed that ShinyHunters is responsible for the breaches. The notorious group has a long history of high-profile attacks, including those targeting PowerSchool, Oracle Cloud, Snowflake, AT&T, NitroPDF, Wattpad, MathWay, and many others.
In a conversation with BleepingComputer, ShinyHunters claimed to have breached numerous Salesforce instances, with attacks still ongoing. The threat actor even hinted at having compromised a trillion-dollar company, though it remains unclear if this refers to Google.
The modus operandi of ShinyHunters involves conducting voice phishing (vishing) social engineering attacks to trick employees into granting access to their companies’ Salesforce instances. Once inside, the attackers proceed to download customer data, which is then used to extort the targeted companies, demanding ransom payments to prevent the data from being publicly leaked.
BleepingComputer has learned that one company has already paid four Bitcoins (approximately $400,000) to prevent the leak of its data. Other high-profile victims include Adidas, Qantas, Allianz Life, Cisco, and LVMH subsidiaries such as Louis Vuitton, Dior, and Tiffany & Co.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.