Google confirms breach in Salesforce database
Google has confirmed that hackers gained access to a corporate database containing business contact information. The cyberattack has been linked to the ShinyHunters group, also known in the security world as UNC6040.
The breach hit a Salesforce system used by Google. It stored details of small and medium-sized businesses. The database had company names, contact details, and related notes. Google’s Threat Intelligence team said the attack happened in June 2025. The company revealed it on 5 August 2025 in a blog post.
Google said the stolen information was mostly basic and already public business data. It did not include sensitive personal details like passwords, bank account numbers, or ID numbers. But the attackers still copied the business records during a short time when the system’s defences were weak.
Even though the data taken was not classified as highly sensitive, experts point out that even seemingly harmless information can be useful to cybercriminals. Business contact lists can be exploited for targeted phishing campaigns, fake invoices, or social engineering scams.
How the attack happened
The attackers infiltrated the Salesforce system, which was used to store contact records for various businesses working with Google. The stolen data included the names of companies, their contact information such as email addresses and phone numbers, and notes related to those businesses.
The hackers acted quickly, retrieving the information before their access was cut off. The breach was detected after suspicious activity was noticed within the system. Once discovered, Google blocked the intruders, began a full investigation, and secured the compromised database to prevent further data loss.
How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?
The group believed to be responsible, ShinyHunters, demands payment in bitcoin within a short deadline, often 72 hours. They contact employees directly through emails or phone calls and warn them of data leaks unless the demands are met.
In many past incidents, ShinyHunters has also used a “double extortion” strategy. This means they not only steal the data but also threaten to release it publicly on so-called data leak sites if the ransom is not paid.
ShinyHunters’ known tactics and Google’s response
ShinyHunters has been linked to several big cyberattacks in different industries. They often break into a company’s system and steal important information. Then they pressure the company by threatening to expose the data. When they post stolen data online, it can harm the company’s reputation and cause panic among clients or partners.
In this latest case, it remains unclear whether ShinyHunters has issued a ransom demand directly to Google. However, Google has warned that the attackers might be looking to escalate their extortion attempts by setting up a public data leak site.
To reduce the risk of similar incidents, Google has shared technical details and findings from its investigation with the wider cybersecurity community. This is intended to help other companies identify and defend against related threats. The company also emphasised that the affected Salesforce instance was limited to business-related records and did not contain consumer data.
Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?
The incident shows that even big tech companies can face cyberattacks. Google acted fast to stop the breach. But the hackers still managed to get in and copy the data. This shows how skilled and determined some hacking groups are.
Google’s blog post said the breach was stopped quickly. The Salesforce system held only contact information and notes for small and medium-sized businesses. The company said the data was taken in a short time before access was blocked. They are still watching for any signs of the stolen information being posted online.
