Overview

• Google’s Threat Intelligence Group says a June compromise of a corporate Salesforce instance exposed basic business contact information later weaponized in social‑engineering campaigns.
• Threat actors using the ShinyHunters brand have impersonated IT and Google staff via phone, email and text, with voice phishing proving especially effective against employees at multinational firms.
• In August, Google confirmed a number of successful intrusions resulting from compromised passwords linked to these targeted attacks.
• Google notified impacted users by email on August 8 and is urging password changes along with stronger authentication such as two‑factor methods and passkeys.
• Google cautions the group may escalate extortion by launching a data‑leak site, and with roughly 2.5 billion Gmail users, the company advises broad vigilance for unusual account activity.