Particle.news


Google Confirms June Salesforce Breach, Warns of ShinyHunters’ Data-Leak Site Plans

Google has fully contained the brief June breach in which attackers stole basic contact records using voice phishing.

Fashion Giant Chanel Reports Salesforce-Linked Data Breach by ShinyHunters
ShinyHunters Breach Google’s Salesforce Database Using Vishing Tactic

Overview

  • In an August 5 update, Google attributed the compromise of its corporate Salesforce instance to the ShinyHunters group (UNC6040) and an affiliated extortion cluster (UNC6240).
  • Attackers used voice phishing calls to trick employees into installing a fake Salesforce Data Loader app, enabling them to exfiltrate business contact information during a short access window.
  • Google says the stolen data was confined to basic and publicly available business names, contact details and related notes, with no sensitive customer records taken.
  • Following the discovery, Google performed impact analyses, cut off unauthorized access and began mitigation efforts, including tighter API permissions and enforced multi-factor authentication.
  • Threat actors continue extortion demands and may launch a public data-leak site to increase pressure on other global firms such as Adidas, Cisco, Qantas and Pandora.