Google has confirmed a security breach targeting an internal database used to manage relationships with its business clients.
The incident resulted in the theft of customer data, including business names and contact details, by the hacking group ShinyHunters.
Hackers Used Voice Phishing to Infiltrate System
The attackers gained access to Google’s corporate Salesforce system through a method known as voice phishing, or “vishing.”
In this social engineering scheme, the hackers impersonated company employees in phone calls directed at IT support personnel.
They successfully persuaded the support staff to reset login credentials, which granted the unauthorized actors access to the cloud-based platform.
The breach specifically affected an internal database that utilized Salesforce to manage client information for small and medium-sized businesses.
Extortion Believed to Be Primary Motive
The group responsible, identified by Google’s Threat Intelligence Group as ShinyHunters and also tracked as UNC6040, is suspected of having financial motives.
Reports suggest the group may be establishing a public leak site, a common tactic used by ransomware gangs to extort victims by threatening to release stolen information.
Google disclosed the details of the security compromise in a blog post released in early August.
This event follows a series of other high-profile data breaches that have recently affected major companies, including AT&T, Ticketmaster, Cisco, and Pandora.
