Google discovered a new scam—and also fell victim to it

Google said that its Salesforce instance was among those that were compromised. The breach occurred in June, but Google only disclosed it on Tuesday, presumably because the company only learned of it recently.

“Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off,” the company said.

Data retrieved by the attackers was limited to business information such as business names and contact details, which Google said was “largely public” already.

Google initially attributed the attacks to a group traced as UNC6040. The company went on to say that a second group, UNC6042, has engaged in extortion activities, “sometimes several months after” the UNC6040 intrusions. This group brands itself under the name ShinyHunters.

“In addition, we believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS),” Google said. “These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches.”

Google discovered a new scam—and also fell victim to it

Other newsrooms on this story

Related reading

Google warns hackers stealing Salesforce data from companies

Google says hackers stole its customers' data by breaching a Salesforce…

Google sales data breached in the same scam it discovered

Google disrupts hackers using AI to exploit an unknown weakness in a company’s…

Un gruppo hacker ha violato decine di aziende Ue tramite una finta app di…

Google warns that mass data theft hitting Salesloft AI agent has grown bigger