Particle.news

Google Confirms ShinyHunters Salesforce Breach: Extortion Plans Underway

Google’s security teams have contained the June breach, issuing a warning that the extortion arm of ShinyHunters is preparing a public data leak site

Fashion Giant Chanel Reports Salesforce-Linked Data Breach by ShinyHunters
ShinyHunters Breach Google’s Salesforce Database Using Vishing Tactic
Google suffers a serious data breach at the hands of a ransomware group

Overview

  • Google disclosed that one of its corporate Salesforce instances was breached in June by UNC6040, linked to ShinyHunters, resulting in the theft of basic business names and contact details
  • Attackers employed voice phishing calls to trick employees into installing a fraudulent Salesforce Data Loader app that granted temporary access to the database
  • After detecting the intrusion, Google’s Threat Intelligence Group performed an impact analysis, contained the breach and began mitigation measures
  • A separate cluster, UNC6240, has used the stolen data to demand ransoms in bitcoin and is reportedly preparing a public data leak site to increase pressure on victims
  • The broader ShinyHunters campaign has already targeted Adidas, Qantas, Allianz Life, Cisco and luxury brands such as Louis Vuitton and Dior, and more corporate disclosures are expected soon