Home / Technology / Google Breach Exposes Business Client Data in Widespread CRM Attacks
Google Breach Exposes Business Client Data in Widespread CRM Attacks
16 Aug
Summary
- Google confirms breach of internal Salesforce database
- Hackers stole customer data using voice phishing tactics
- Breach linked to known cybercriminal group ShinyHunters
According to a recent report, Google has confirmed that a data breach has exposed business client information from its internal Salesforce database. The attack, which was carried out by the well-known cybercriminal group ShinyHunters, involved the use of voice phishing, or "vishing," tactics to gain access to login credentials.
The breach is part of a broader campaign targeting cloud-based customer relationship management (CRM) tools, with similar incidents reported by companies like Cisco, Qantas, and Pandora in recent months. ShinyHunters, also known as UNC6040, has been linked to a string of high-profile data breaches involving various organizations.
In this case, the attackers were able to impersonate Google employees in phone calls to IT support, convincing them to reset login credentials and granting the hackers access to the company's corporate Salesforce system. This system was used to store contact information and notes about small and medium-sized businesses.
While Google has not specified the exact number of customers affected, the breach has raised concerns about the security of cloud-based platforms and the vulnerability of even well-defended systems to human error. The incident highlights the growing threat of vishing scams, which are becoming increasingly effective at exploiting employee trust and gaining access to sensitive information.
