ShinyHunters breach Google’s Salesforce database
Organisations urged to secure Salesforce access and educate staff on phishing threats.
Google has confirmed a data breach during its investigation into the ShinyHunters group, revealing the tech giant was also affected. The attackers accessed a Salesforce database used for storing small business customer information.
The breach exposed business names and contact details during a short window before access was revoked. Google stated no highly sensitive or personal data was compromised.
ShinyHunters used phishing and vishing tactics to trick users into authorising malicious Salesforce apps disguised as legitimate tools. The technique mirrors previous high-profile breaches involving firms like Santander and Ticketmaster.
Google warned the group may escalate operations by launching a data leak site. Organisations are urged to tighten their cybersecurity measures and access controls, train staff and apply multi-factor authentication across all accounts.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!