In this blog series we spotlight one of the stories from our cybersecurity newsletter, Beacon.
Google has confirmed that information from some of its customers was stolen following a breach of one of its databases, in an attack linked to the hacking group ShinyHunters.
In a blog post published on August 4th, Google’s Threat Intelligence Group revealed that one of its Salesforce database systems, used to store contact information and related notes for small and medium-sized businesses, was accessed without authorization.
“The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details,” the company said. Google did not disclose how many customers were affected and it is not yet known whether the company has received any ransom demands. Google also warned that ShinyHunters may be preparing to launch a data leak site to pressure victims into paying to prevent the public release of stolen data.
ShinyHunters, formally designated as UNC6040, is well known for targeting large corporations and their cloud-based databases. The group has been linked to a number of recent attacks on Salesforce systems, including those of Cisco, Qantas, and Pandora.
Google said the attackers used voice phishing, in which threat actors posed as trusted contacts over the phone to trick employees into granting access to cloud-based Salesforce databases.
In an update to the same blog post on August 8th, Google said emails were being sent to those affected by the incident, and later confirmed that it had finished sending the email notifications.