Last week, Google confirmed a successful cyberattack that led to the theft of customer data, proving that even one of the world’s most powerful tech giants is not immune to security breaches.
The incident took place in June this year, targeting a Google corporate database hosted on Salesforce. According to the Google Threat Intelligence Group (GTIG), the compromised database stored contact details and related notes for small and medium-sized businesses.
Google clarified that the attackers had only a brief window of access before it was cut off. The stolen data consisted mainly of publicly available business information, including company names and contact details.
ShinyHunters Takes Credit
Cybersecurity experts believe the attack was carried out by the ShinyHunters ransomware group, also known as UNC6040, a notorious hacking collective with a long history of data breaches. Reports from Cyber Security News indicate that ShinyHunters has unofficially claimed responsibility, boasting about stealing approximately 2.55 million customer records.
While no specific samples of the stolen data have been released, ShinyHunters is known for setting up data leak sites to pressure victims into paying Bitcoin ransoms.
On August 8, GTIG confirmed that it had completed email notifications to all affected customers, signaling the end of its initial response phase.
How the Hack Happened
Surprisingly, this breach didn’t rely on advanced coding exploits. Instead, the attackers used a voice phishing (vishing) tactic, a social engineering method that targets human vulnerabilities rather than technical flaws.
The hackers impersonated IT support staff and tricked administrators into downloading a malicious version of Salesforce Data Loader, disguised under names like “My Ticket Portal.” The legitimate tool can extract, update, or delete Salesforce data, making it a prime target.
By mimicking the real software, the attackers reused OAuth credentials to bypass consent screens and infiltrate the backend, quietly extracting sensitive data without triggering alarms.
Security expert Anshul Verma, President of Cynoteck Technology Solutions, emphasized that this was not a Salesforce software flaw but a human-driven breach exploiting trust and familiarity.
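Because the rogue tool borrowed the look and name of a legitimate one, a defender cannot trust an app's display name when reviewing OAuth activity. The following is an added example, not code from Google, Salesforce or the article's sources: it flags OAuth grants to apps whose client ID is not on an approved list and escalates when such an app then pulls data in bulk. The event fields, client IDs and threshold are constructed assumptions, not a real Salesforce log schema.

```python
from collections import defaultdict

# Assumption: client IDs the organisation has explicitly approved (constructed values).
APPROVED_CLIENT_IDS = {"client-dataloader-official"}
BULK_ROW_THRESHOLD = 10_000  # assumption: rows per user/app pair treated as bulk export

# Constructed sample events; field names are hypothetical, not a Salesforce log schema.
EVENTS = [
    {"type": "oauth_grant", "user": "admin1", "app_name": "Data Loader", "client_id": "client-dataloader-official"},
    {"type": "oauth_grant", "user": "admin2", "app_name": "My Ticket Portal", "client_id": "client-unknown-7f3a"},
    {"type": "oauth_grant", "user": "admin3", "app_name": "Data Loader", "client_id": "client-unknown-91bc"},
    {"type": "api_query", "user": "admin1", "client_id": "client-dataloader-official", "rows": 500},
    {"type": "api_query", "user": "admin2", "client_id": "client-unknown-7f3a", "rows": 8000},
    {"type": "api_query", "user": "admin2", "client_id": "client-unknown-7f3a", "rows": 9000},
    {"type": "api_query", "user": "admin3", "client_id": "client-unknown-91bc", "rows": 40},
]

def find_suspicious_apps(events, approved=APPROVED_CLIENT_IDS, threshold=BULK_ROW_THRESHOLD):
    """Return alerts for unapproved OAuth apps, escalated if they pulled data in bulk."""
    grants = {}              # (user, client_id) -> display name shown at grant time
    rows = defaultdict(int)  # (user, client_id) -> total rows returned to that app
    for ev in events:
        key = (ev["user"], ev["client_id"])
        if ev["type"] == "oauth_grant":
            grants[key] = ev["app_name"]
        elif ev["type"] == "api_query":
            rows[key] += ev["rows"]
    alerts = []
    for (user, client_id), name in sorted(grants.items()):
        if client_id in approved:
            continue  # identity is the client ID; the display name can be copied
        total = rows[(user, client_id)]
        severity = "high" if total >= threshold else "medium"
        alerts.append({"user": user, "app_name": name, "client_id": client_id,
                       "rows": total, "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_apps(EVENTS):
        print(alert)
```

In the constructed data, the third grant carries the display name "Data Loader" but an unapproved client ID, so it is still flagged.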
Lessons for Businesses
Verma and other cybersecurity leaders warn that even the strongest security tools are useless if misconfigured or misused. They stress:
- Only download software from official, trusted sources.
- Rigorously vet and continuously monitor third-party vendors with access to sensitive data.
- Invest in security awareness training and enforce tighter access controls for cloud services.
Dray Agha, Senior Manager of Security Operations at Huntress, reminded companies that vendor risk is constant, and proactive monitoring is critical.
The Bigger Picture
This attack may not have been technically sophisticated, but it highlights a growing truth in the AI-driven cybercrime era: breaches are inevitable. Businesses must prepare not only to prevent them but also to respond effectively.
An Incident Response Plan, tested and updated regularly, can make the difference between swift recovery and lasting damage. As this breach proves, if it can happen to Google, it can happen to anyone.