Overview

• Google confirmed a number of successful Google account intrusions that relied on compromised passwords.
• The campaign traces back to a June social‑engineering breach of a Google Salesforce instance, with attackers impersonating IT support via calls, emails and texts.
• Google says the data taken was basic, largely public business information that is now being repurposed to craft targeted phishing and vishing attempts.
• The company notified impacted contacts by email on August 8 and reiterates that it will never call users unprompted.
• Google warns actors using the ShinyHunters brand may launch a data‑leak site to escalate extortion and advises users to update passwords and enable two‑factor authentication.