Want latest news insights in your inbox? Sign up for our weekly newsletters to get only what matters to your organization. Subscribe Now
In a chilling development that underscores the growing scale of CRM-targeted attacks, Google has confirmed it suffered a data breach as part of an ongoing campaign linked to the ShinyHunters extortion group.
According to a recent disclosure, one of Google’s corporate Salesforce instances was breached in June by a group Google labels as ‘UNC6040’. This follows a pattern of voice phishing (vishing) and social engineering attacks aimed at Salesforce users. The stolen data reportedly included basic business contact information for small and mid-sized companies.
🗣️ Google stated:
“The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”
While Google emphasizes that the compromised data was non-sensitive, the implications are massive. ShinyHunters, a group with a notorious track record (linked to breaches at AT&T, Snowflake, Wattpad, and others), claims they have breached numerous Salesforce instances, and their extortion campaign is still unfolding.
What’s at Stake?
-
One unnamed company has reportedly paid 4 BTC (~$400,000) to prevent its data from being leaked.
-
Targets include major brands like Adidas, Qantas, Allianz Life, Cisco, and Louis Vuitton/Dior/Tiffany & Co. (LVMH subsidiaries).
-
ShinyHunters says they may leak stolen data without extortion for at least one trillion-dollar company speculated, but not confirmed, to be Google.
Why This Matters
This incident exposes the critical vulnerabilities in cloud-based CRM systems and highlights the growing sophistication of social engineering tactics used in AI-era cybercrime. It’s also a reminder that “basic” business data isn’t harmless when aggregated or used maliciously.
Expert Insight
The surge in CRM breaches reflects a pivot from malware and brute-force tactics to identity exploitation and insider impersonation, making phishing defenses and endpoint visibility more important than ever.
📬 Want to stay ahead of emerging cybersecurity challenges like this?
Subscribe to our newsletter for weekly insights, updates, and expert analysis.
