Google has confirmed that some customers’ information was stolen in a recent breach of one of its databases. In a blog post late on Tuesday, Google’s Threat Intelligence Group stated that one of its Salesforce database systems, used to store contact information and related notes for small and medium businesses, was breached by a hacking group known as ShinyHunters, formally designated as UNC6040.
The company clarified that the stolen data was limited to basic and largely publicly available business information, such as business names and contact details. Google did not disclose the number of affected customers, and a company spokesperson did not immediately respond to requests for comment. It remains unclear whether the company has received any communication, such as a ransom demand.
ShinyHunters is known for targeting large companies and their cloud-based databases. This incident is the latest in a series of breaches affecting Salesforce cloud systems, following recent thefts of customer data from companies like Cisco, airline giant Qantas, and retail giant Pandora.
According to Google’s blog post, the ShinyHunters group uses voice phishing techniques to trick company employees into granting them access to their Salesforce databases. Google also noted that the group is likely preparing a data leak site, a tactic commonly used by ransomware gangs to publish stolen data and extort corporate victims into paying ransoms.
The group reportedly has ties to other cybercriminal collectives, including The Com, a known group that employs hacking, extortion, and sometimes threats of violence to infiltrate networks.
If you have additional information about the Google data breach or have been notified by Google, you can securely contact the reporter via encrypted messaging.