Google has recently disclosed a security breach involving one of its Salesforce databases, resulting in unauthorized access to, and theft of, customer information. The breach was orchestrated by the hacking group known as ShinyHunters, also referred to as UNC6040.
The compromised database contained contact details and related notes for small and medium-sized businesses. According to Google’s Threat Intelligence Group, the data accessed by the attackers was primarily basic business information, such as company names and contact details. Google has not specified the exact number of customers affected and has not confirmed whether any ransom demands have been received.
ShinyHunters is notorious for targeting large corporations and their cloud-based databases. This incident is part of a broader pattern of attacks on Salesforce cloud systems, with previous breaches affecting companies like Cisco, Qantas, and Pandora. The hackers employ voice phishing techniques to deceive employees into granting access to their organizations’ Salesforce databases.
Google has indicated that ShinyHunters may be preparing a data leak site, a tactic commonly used by ransomware groups to publish stolen data and pressure victims into paying ransoms. The group is also believed to have connections with other cybercriminal collectives, including The Com, known for using hacking, extortion, and threats of violence to infiltrate networks.
This breach underscores the growing threat posed by sophisticated cybercriminal groups targeting cloud-based systems. Organizations are urged to enhance their security measures, including training employees to recognize phishing attempts and implementing robust access controls, to mitigate the risk of such attacks.