Google confirmed a data breach involving one of its Salesforce CRM instances, exposing information of Google Ads customers.
Alphabet-owned Google has confirmed the breach in a notification sent to the affected users, stating that the incident leaked essential business contact credentials such as contact numbers, names, and more.
However, ads and payments data remained secure.
Was Google hacked?
Google confirmed that the cybersecurity attack was associated with ShinyHunters, a hacking group now calling itself “Sp1d3rHunters,” which claimed connections with Scattered Spider.
The phishing group said that the Scattered Spider got initial access, while ShinyHunter efficiently manages data exfiltration, similar to previous Snowflake breaches.
It is pertinent to mention that the group claimed to have got nearly 2.55 million records. However, the actual number of distinctive entries still remains under wraps.
Several reports suggested that the hackers used social engineering to breach employees' data or trick them into verifying a suspicious Salesforce Data Loader OAuth app, allowing full database installations.
Later, the stolen data is used for harmful purposes such as extortion, asking for ransom money by threatening them to publish it.
ShinyHunters reportedly demanded 20 Bitcoins (approx. $2.3 million) from Google; however, the group later said that the ransom request was only for fun.
In June, Google’s Threat Intelligence Group first reported a similar attack case, with this major data breach incident happening a month later.
Notably, hackers claimed that they are now using an advanced custom tool to expedite future Salesforce breaches.
