ThreatCluster

Google confirms Salesforce CRM breach, faces extortion threat

Threat Score: 79 • 4 articles • 100.0% similarity • 17 hours ago

Key Insights

1. Google confirmed a data breach affecting its Salesforce CRM, leaking approximately 2.5 million records related to Google Ads customers, as reported by ShinyHunters.
2. The breach, attributed to the financially motivated threat group UNC6040, was detected in June 2025 and involved basic business information such as email addresses and phone numbers.
3. Google completed email notifications to affected users on August 8, 2025, following an initial announcement on August 5, 2025.
4. The compromised data did not include sensitive payment information, but it raises concerns regarding potential extortion schemes, according to Google’s Threat Intelligence Group.
5. ShinyHunters, the group behind the attack, has been linked to other data theft incidents targeting Salesforce customers and has reportedly issued an extortion demand to Google.
6. Google stated that the breach was limited in scope and primarily involved publicly accessible information, though the risk of misuse remains a significant concern.

Threat Overview

Google has confirmed a significant data breach involving its Salesforce Customer Relationship Management (CRM) system, resulting in the exposure of approximately 2.5 million records tied to Google Ads customers. The breach was detected in June 2025 and was executed by a financially motivated threat group known as UNC6040, which is recognized for its advanced voice phishing tactics. Google completed email notifications to affected customers on August 8, 2025, following an initial announcement on August 5. According to Google's Threat Intelligence Group, the exposed data included basic business information such as business names, email addresses, and phone numbers, along with related notes stored in the Salesforce instance. Although Google emphasized that the compromised data was primarily publicly accessible and did not include sensitive payment information, the potential for this information to be utilized in subsequent extortion schemes has raised alarms. ShinyHunters, the group responsible for the breach, has also been linked to other data theft incidents involving Salesforce customers and has reportedly sent an extortion demand to Google. The company is taking steps to mitigate the impact of this breach and has reiterated the importance of safeguarding customer data. This incident highlights ongoing vulnerabilities within CRM systems and the need for enhanced security measures to protect sensitive business information.

Tactics, Techniques & Procedures (TTPs)

  • T1589.001: Gather Victim Identity Information - Attackers obtained business contact details from compromised Salesforce CRM [1][3]
  • T1071.001: Application Layer Protocol: Web Protocols - Exploitation involved accessing Salesforce's web-based interface [2][3]
  • T1566.002: Spearphishing Link - Attackers may have used phishing tactics to gain initial access to the Salesforce instance [1][2]
  • T1190: Exploit Public-Facing Application - Attackers exploited vulnerabilities in the Salesforce CRM to extract data [1][3]
  • T1070.001: Indicator Removal on Host: File Deletion - Threat actors may have attempted to delete logs or indicators of compromise [2][3]
  • T1056.001: Input Capture: Keylogging - Potential use of keyloggers to capture login credentials during the attack [2][4]
  • T1005: Data from Local System - Data was extracted from the compromised Salesforce instance [1][3]

Timeline of Events

  • 2025-06: Google detects unauthorized access to its Salesforce CRM instance [1]
  • 2025-06: Attack attributed to threat group UNC6040, known for advanced phishing tactics [1][2]
  • 2025-08-05: Google publicly announces the data breach and its implications [3]
  • 2025-08-08: Google completes notifications to affected customers regarding the breach [2][3]
  • 2025-08-10: Reports emerge that ShinyHunters issued an extortion demand to Google [2][4]

Source Citations

  • Expert quotes: ShinyHunters statement (Article 4); Google Threat Intelligence Group (Article 1)
  • Primary findings: Extent of data leaked (Articles 1, 4); Threat actor identification (Articles 2, 3); Breach confirmation and details (Articles 1, 2, 3)
  • Technical details: Data types exposed (Articles 1, 4); Attack method description (Articles 2, 3)
Powered by ThreatCluster AI
AI analysis may contain inaccuracies

Related Articles

4 articles

1. Google confirms Salesforce CRM breach, faces extortion threat
Security Affairs • 6 hours ago

Google disclosed a Salesforce Customer Relationship Management (CRM) breach exposing data of some prospective Google Ads customers. Google confirmed a breach in a Salesforce CRM instance affecting the data of prospective Google Ads customers. The website Databreaches.net reported that the attackers have sent an extortion demand to the Tech giant. Google Threat Intelligence Group confirmed that […]

Score: 86 • 100.0% similarity

2. Google Hacked – Approx 2.5 Million Records of Google Ads Customer Data Leaked
GB Hackers • 4 hours ago

Google has disclosed a significant data breach involving one of its corporate Salesforce instances, compromising customer data tied to its Google Ads platform. Google has not revealed the exact number of people impacted, but according to ShinyHunters, who spoke with Cyber Security News, the breach exposed around 2.5 million records (Approx). Whether some of these entries are duplicates is still unknown. The incident, de

Score: 83 • 100.0% similarity

3. Google Confirms Data Breach – Notifying Users Affected By the Cyberattack
Cybersecurity News • 17 hours ago

Tech giant Google has officially acknowledged a significant data breach affecting its corporate Salesforce database, with the company completing email notifications to affected users as of August 8, 2025. Google revealed on August 5 that one of its corporate Salesforce instances was compromised in June 2025 by the notorious cybercriminal group known as ShinyHunters, officially […]

Score: 59 • 95.0% similarity

4. Google confirms data breach exposed potential Google Ads customers' info
BleepingComputer • 1 day ago

Lawrence Abrams, August 9, 2025 03:15 PM

Google has confirmed that a recently disclosed data breach of one of its Salesforce CRM instances involved the information of potential Google Ads customers. "We're writing to let you know an event that affected a limited set of data in one of Google's corporate Salesforce instances used to communicate with prospective Ads customers," reads a data breach notification shared with Bleep

Score: 51 • 95.0% similarity

Cluster Intelligence

Key entities and indicators for this cluster

  • Industries: Information Technology, Advertising, Technology
  • APT groups: UNC6040
  • MITRE ATT&CK: T1070.001, T1589.001, T1071.001, T1056.001, T1566.002
  • Attack types: Data Breach, Phishing, Extortion
  • Ransomware: ShinyHunters
  • Cluster information: Cluster #1828, created 17 hours ago, Semantic Algorithm
