Google Salesforce data breach concerns escalated after Google confirmed that hackers accessed customer data through one of its Salesforce databases. The attackers belonged to the group ShinyHunters, also known as UNC6040.
On Tuesday, Google’s Threat Intelligence Group published a blog post detailing the breach. Hackers infiltrated a Salesforce system containing business contact data and internal notes for small and medium-sized companies. Google said the stolen information included basic and public business names and contact details, but the company has not disclosed how many customers were affected.
This breach joins a growing list of Salesforce cloud attacks. Similar incidents recently hit major companies like Cisco, Qantas, and Pandora. Security experts say hackers are increasingly targeting cloud-based platforms because of the centralized and valuable data they hold.
Investigators learned that ShinyHunters used voice phishing to trick employees. They impersonated internal staff to get login credentials and gain access to the database. Google warned that the group may launch a data leak site to pressure victims into paying ransoms.
Analysts also linked ShinyHunters to The Com, a cybercrime group known for using threats and extortion. This connection points to a larger network of organized hacking operations.
While Google described the stolen data as non-sensitive, cybersecurity professionals remain cautious. Even basic contact details can support phishing attacks and identity theft. Hackers often combine such data with other sources to break into systems.
Google has not said whether it received a ransom demand. The company also has not confirmed if affected customers were notified individually.
Experts advise businesses to strengthen access controls, train staff to recognize social engineering, and use multi-factor authentication. The breach shows how vulnerable companies can become when relying on third-party platforms.
Google continues its investigation. It has also partnered with security teams to improve protections and prevent future incidents. Customers should monitor their accounts and remain alert to suspicious activity.
