Google Data Breach Tied to Salesforce Hack by ShinyHunters Group

Red Dog Security

07 Aug 2025 — 1 min read

In an update to its June advisory, Google disclosed that it, too, fell victim to a similar attack.

“In June, one of Google’s corporate Salesforce instances was compromised by UNC6040 activity,” the company stated. “The affected instance stored contact information and related notes about small and medium-sized businesses. Our investigation determined the attackers extracted data during a brief window before we terminated access. The compromised information was limited to basic, publicly available details like company names and contact information.”

While Google emphasized the limited sensitivity of the exposed data, the admission places it among a growing list of global companies affected by this campaign.

ShinyHunters’ Expanding Hit List

According to Bleeping Computer, ShinyHunters—already linked to past breaches at Oracle Cloud, Snowflake, AT&T, NitroPDF, Wattpad, and Mathway—is behind the recent wave of Salesforce-focused attacks.

The group recently told journalists that it had breached a “trillion-dollar company” and was considering leaking the stolen data without a ransom demand. Though Google was not explicitly named, the timing and circumstances align closely.

ShinyHunters is known for its classic extortion playbook:

Breach the system
Exfiltrate data
Contact the victim via email
Demand payment under threat of public release

If negotiations stall, the group either dumps the data publicly or sells it to the highest bidder.

Bleeping Computer reported that one unnamed company recently paid 4 BTC (roughly $400,000) to prevent its stolen data from being leaked.

Pattern of High-Profile Victims

This breach adds Google to a list of prominent organizations affected by similar campaigns in recent months, including:

Adidas
Qantas Airways
Allianz Life
LVMH brands (Louis Vuitton, Dior, Tiffany & Co.)
Cisco.com
Chanel
Pandora (Danish jewelry company)

The incidents highlight a growing risk vector in the form of third-party platforms like Salesforce, where even basic CRM data can be exploited at scale for extortion, targeting, and brand damage.

Media: Anti-Spam Measures Lead to Blocking of Business Calls

New anti-spam regulations that took effect on September 1 are causing widespread disruption to business communications. According to media reports, telecom operators—acting under legal requirements to limit spam calls—have begun blocking all calls from commercial organizations, leaving banks, developers, and market research firms scrambling to move customer interactions

Pudu Robotics’ Robots Vulnerable to Exploitation

An independent cybersecurity researcher known as BobDaHacker has discovered security flaws in the products of Pudu Robotics, a leading global supplier of commercial service robots. The vulnerabilities made it possible for attackers to redirect robots to arbitrary locations and force them to execute unauthorized commands. The Company and Its Products

Google Patches 120 Vulnerabilities in Android, Including Two 0-days

Google developers have released security updates for Android that fix 120 vulnerabilities in the operating system. According to the company, two of these issues have already been used by hackers in targeted attacks. The 0-days patched this month have been assigned the identifiers CVE-2025-38352 (7.4 out of 10 on

Hackers Abuse the Velociraptor Forensics Tool

Sophos researchers have uncovered a cyberattack in which unknown threat actors abused the open-source endpoint monitoring and forensics tool Velociraptor. “In this incident, the attackers used the tool to download and run Visual Studio Code, likely with the intention of creating a tunnel to a command-and-control server under their control,