Google Confirms Hackers Broke Into Tech Giant’s Salesforce System, Exposing Sensitive Information of Small Businesses
Hackers have gained access to tech giant Google’s inner systems using its Salesforce account as an entry point.
The tech giant says a cybercriminal group pseudonymously known as “ShinyHunters”, who is known for breaching large organizations using social engineering tactics, accessed the company’s databases.
ShinyHunters has been linked to hacks involving AT&T Wireless, Microsoft, Mashable and many other big companies.
Originally discovered in June, Google says it’s now determined that ShinyHunters pulled off a data breach by targeting one of its instances with Salesforce, a leading software platform that provides customer relationship management (CRM) services.
“In June, one of Google’s corporate Salesforce instances was impacted by similar UNC6040 activity described in this post. Google responded to the activity, performed an impact analysis and began mitigations.
The instance was used to store contact information and related notes for small and medium businesses. Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”
Google says the hackers follow a protocol that begins with a phone call posing as Salesforce employees to gain access to the Salesforce account, and ends with the exfiltratiion of the account data, which can then be sold on the dark web or used as leverage for ransom.
Source: Google
Says Google,
“Voice phishing (vishing) as a social engineering method is not, in itself, a novel or innovative technique; it has been widely adopted by numerous financially motivated threat groups over recent years with varied results.
However, this campaign by UNC6040 is particularly notable due to its focus on exfiltrating data specifically from Salesforce environments. Furthermore, this activity underscores a broader and concerning trend: threat actors are increasingly targeting IT support personnel as a primary vector for gaining initial access, exploiting their roles to compromise valuable enterprise data.”
Generated Image: Midjourney
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bitcoin security reaches a historic high, but miner revenue drops to a historic low. Where will mining companies find new sources of income?
The current paradox of the Bitcoin network is particularly striking: while the protocol layer has never been more secure due to high hash power, the underlying mining industry is facing pressure from capital liquidation and consolidation.
What are the privacy messaging apps Session and SimpleX donated by Vitalik?
Why did Vitalik take action? From content encryption to metadata privacy.
The covert war escalates: Hyperliquid faces a "kamikaze" attack, but the real battle may have just begun
The attacker incurred a loss of 3 million in a "suicidal" attack, but may have achieved breakeven through external hedging. This appears more like a low-cost "stress test" targeting the protocol's defensive capabilities.
Trending news
MoreCrypto prices
More
