Google confirms Salesforce CRM breach, faces extortion threat

Google disclosed a Salesforce Customer Relationship Management (CRM) breach exposing data of some prospective Google Ads customers.

Google confirmed a breach in a Salesforce CRM instance affecting the data of prospective Google Ads customers. The website Databreaches.net reported that the attackers have sent an extortion demand to the tech giant.

Google Threat Intelligence Group confirmed that one of its Salesforce database systems, used to store contact information and related notes for small and medium-sized businesses, was breached by the threat actor ShinyHunters (aka UNC6040). 

“In June, one of Google’s corporate Salesforce instances was impacted by similar UNC6040 activity described in this post. Google responded to the activity, performed an impact analysis and began mitigations. The instance was used to store contact information and related notes for small and medium businesses.” reads the statement published by Google. “Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”

The tech giant has already notified impacted individuals.

Exposed information includes business names, phone numbers, and “related notes” for a Google sales agent to contact them again. Financial data was not impacted, and the incident did not affect Ads data in Google Ads Account, Merchant Center, Google Analytics, and other Ads products.

ShinyHunters claimed the Google breach involved around 2.55M records. The threat actor is working with Scattered Spider, which provides initial access to the targets, and now calls this collaboration “Sp1d3rHunters”, as per Bleeping Computer.

ShinyHunters allegedly demanded 20 BTC (~$2.3M) from Google but later claimed it was a prank. They now use a custom tool to more quickly exfiltrate data from compromised Salesforce systems.

Google’s Threat Intelligence Group is tracking UNC6040, a financially motivated group that uses voice phishing to target Salesforce systems for large-scale data theft and extortion. Posing as IT support, they call employees, often in English-speaking branches of global firms, to trick them into granting access or sharing credentials. A common tactic is getting victims to approve a fake Salesforce Data Loader app, giving the attackers the ability to steal sensitive data. In some cases, months pass before extortion begins, sometimes under the name ShinyHunters to boost intimidation.

Threat actors used social engineering to steal credentials or link malicious Salesforce Data Loader OAuth apps, then downloaded entire databases and extorted victims.
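
A defender-side sketch of the pattern described above, as an added example that is not from the original article: it flags an OAuth grant to a connected app whose ID is not on an allowlist when that app then retrieves a large number of rows. The event schema, app IDs, user names and thresholds are constructed assumptions, not Salesforce's real log format.

```python
from datetime import datetime, timedelta

# Assumption: client IDs of connected apps your admins approved (constructed).
# Match on ID, not display name: the fake app imitates "Data Loader".
APPROVED_IDS = {"app-0001"}
WINDOW = timedelta(hours=24)   # how long after a grant the app is watched
ROW_THRESHOLD = 100_000        # rows retrieved that count as bulk export

# Constructed sample events in a simplified, hypothetical schema.
SAMPLE_EVENTS = [
    {"ts": "2025-01-15T14:02:11", "type": "oauth_grant", "user": "a.lee", "app_id": "app-0001", "app_name": "Data Loader"},
    {"ts": "2025-01-15T15:40:09", "type": "oauth_grant", "user": "j.doe", "app_id": "app-9f3c", "app_name": "Data Loader"},
    {"ts": "2025-01-15T15:44:30", "type": "query", "user": "j.doe", "app_id": "app-9f3c", "rows": 40_000},
    {"ts": "2025-01-15T15:51:02", "type": "query", "user": "j.doe", "app_id": "app-9f3c", "rows": 85_000},
    {"ts": "2025-01-15T16:10:45", "type": "query", "user": "a.lee", "app_id": "app-0001", "rows": 500},
]

def find_suspicious_grants(events, approved=APPROVED_IDS):
    """Return alerts for unapproved app grants followed by bulk retrieval."""
    grants = {}  # (user, app_id) -> time the unapproved app was authorized
    totals = {}  # (user, app_id) -> rows pulled inside the watch window
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["user"], e["app_id"])
        ts = datetime.fromisoformat(e["ts"])
        if e["type"] == "oauth_grant" and e["app_id"] not in approved:
            grants[key] = ts
            totals[key] = 0
        elif e["type"] == "query" and key in grants and ts - grants[key] <= WINDOW:
            totals[key] += e["rows"]
    return [
        {"user": user, "app_id": app_id, "rows": rows,
         "granted": grants[(user, app_id)].isoformat()}
        for (user, app_id), rows in totals.items() if rows >= ROW_THRESHOLD
    ]

if __name__ == "__main__":
    for alert in find_suspicious_grants(SAMPLE_EVENTS):
        print(alert)
```

In the sample, both grants show the display name "Data Loader"; only the unrecognized client ID separates the lookalike from the approved app.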

Pierluigi Paganini

(SecurityAffairs – hacking, Google)