Google Confirms Hackers Broke Into Tech Giant’s Salesforce System, Exposing Sensitive Information of Small Businesses

Hackers have gained access to tech giant Google’s inner systems using its Salesforce account as an entry point.

The tech giant says  a cybercriminal group pseudonymously known as “ShinyHunters”, who is known for breaching large organizations using social engineering tactics, accessed the company’s databases.

ShinyHunters has been linked to hacks involving AT&T Wireless, Microsoft, Mashable and many other big companies.

Originally discovered in June, Google says it’s now determined that ShinyHunters pulled off a data breach by targeting one of its instances with Salesforce, a leading software platform that provides customer relationship management (CRM) services.

“In June, one of Google’s corporate Salesforce instances was impacted by similar UNC6040 activity described in this post. Google responded to the activity, performed an impact analysis and began mitigations.

The instance was used to store contact information and related notes for small and medium businesses. Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”

Google says the hackers follow a protocol that begins with a phone call posing as Salesforce employees to gain access to the Salesforce account, and ends with the exfiltratiion of the account data, which can then be sold on the dark web or used as leverage for ransom.

Source: Google

Says Google,

“Voice phishing (vishing) as a social engineering method is not, in itself, a novel or innovative technique; it has been widely adopted by numerous financially motivated threat groups over recent years with varied results.

However, this campaign by UNC6040 is particularly notable due to its focus on exfiltrating data specifically from Salesforce environments. Furthermore, this activity underscores a broader and concerning trend: threat actors are increasingly targeting IT support personnel as a primary vector for gaining initial access, exploiting their roles to compromise valuable enterprise data.”

Generated Image: Midjourney