Google has confirmed that hackers breached one of its Salesforce databases and accessed customer information, marking the latest high-profile cyber incident involving cloud-based systems. In a blog post published late Tuesday, Google’s Threat Intelligence Group attributed the attack to ShinyHunters, a notorious hacking group also known by the designation UNC6040.
The compromised database reportedly contained contact information and related notes for small and medium-sized businesses. Google emphasized that the stolen data was limited to basic and mostly publicly accessible business details, such as company names and contact info. However, the tech giant did not reveal the number of customers affected and has yet to confirm whether it received any communication or ransom demands from the attackers.
ShinyHunters is widely known for targeting large corporations and exploiting their cloud infrastructures. The group’s tactics include voice phishing—tricking company employees into divulging credentials or granting access to sensitive systems. This breach follows a series of similar incidents involving Salesforce systems, including data thefts from companies like Cisco, Qantas, and Pandora, as previously reported by cybersecurity publication Bleeping Computer.
Google also warned that ShinyHunters may be preparing a data leak site—a tactic used by ransomware groups to pressure victims into paying by threatening to publish stolen data. The group reportedly has links to other criminal networks, including The Com, a cybercrime collective known for using hacking, extortion, and even threats of violence to infiltrate corporate systems.
