The notorious hacker group ShinyHunters was able to extract customer data from a Salesforce database via voice phishing.
Google has confirmed that one of its Salesforce databases was hacked by the hacker group ShinyHunters, also known as UNC6040. Data from an unknown number of customers was stolen, although according to Google it only involved “basic information such as company names and contact details”.
Breach via Voice Phishing
The attack affected a system that Google uses to manage contact details and notes of SMEs. According to Google’s blog post, the attackers were able to deceive employees through voice phishing and gain access to the cloud environment.
Google has not disclosed how many customers were affected. It is also unknown whether any ransom was demanded. A company spokesperson declined further comment to TechCrunch.
Laid off by AI
According to Google, the group may be working on its own data leak website, which they could use to extort victims by making stolen data public. There are also reportedly links to other cybercriminal networks.
Salesforce recently allowed AI to perform half of all tasks within the company. This naturally leads to layoffs: earlier this year, 1,000 employees lost their jobs, while new hires are being made to promote the AI platform Agentforce. According to Benioff, a “digital labor revolution” is currently taking place, allowing AI to enable people to create “added value”.