Google has confirmed a security incident involving one of its Salesforce CRM systems that exposed information of potential Google Ads customers. The compromised data included basic business contact details such as names, phone numbers, and sales notes, but no payment or active Ads account data was affected.
The breach has been linked to the hacking group ShinyHunters, who claim to have stolen around 2.55 million records, though the number of unique entries is unclear. ShinyHunters, reportedly working with Scattered Spider under the combined alias “Sp1d3rHunters,” gained access through social engineering and malicious Salesforce Data Loader OAuth apps. Once inside, they downloaded full Salesforce databases and demanded ransoms from victims, including a 20 Bitcoin ($2.3M) demand sent to Google.
The group later dismissed the ransom email as a joke but has developed new Python-based tools to speed up their data theft operations. Google first reported similar Salesforce-targeting attacks in June, with its own breach occurring a month later. The company says it continues to monitor and address the evolving tactics used in these intrusions.
Read more...