Google says hackers stole some of its data following Salesforce breach


  • Google has confirmed suffering a data breach
  • The attack was carried out by ShinyHunters, once again hijacking systems
  • The group apparently snuck into a Salesforce instance

Cybercriminals known as ShinyHunters (UNC6040) recently broke into Google and stole business customer information from one of its corporate Salesforce instances, the company has confirmed.

In a blog post breaking down ShinyHunters’ modus operandi, the company somewhat played down the importance of the incident, noting the miscreants didn’t really grab anything sensitive, or of particular value.

“In June, one of Google’s corporate Salesforce instances was impacted by similar UNC6040 activity described in this post,” the company said, “the data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”

"Publicly available business information"

ShinyHunters is a threat actor that targets corporate Salesforce instances by impersonating company staff and calling IT support on the phone.

During the call, the caller tells the IT technician that they have lost access to their work platform and convinces the technician to change the login credentials.

Although it might sound trivial, the technique seems to be working rather well, as multiple organizations have recently reported losing sensitive data to the same group, in the same manner.

Google did not say how many companies were affected by the breach, and declined to comment further. We don’t know if ShinyHunters reached out with a ransom demand in exchange for destroying the stolen files.

Currently, ShinyHunters is one of the most active threat actors, and probably among the most successful ones.

In recent weeks, the group managed to break into both Pandora and insurance giant Allianz Life, and has also taken credit for breaches at AT&T, Santander, Ticketmaster, and many others.

The group does not deploy an encryptor and instead focuses on data exfiltration, making it one of several ransomware groups that have recently pivoted away from encrypting files, a process that is apparently expensive and time-consuming.

Via TechCrunch


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
