International Private School of Technology المدرسة الدولية الخاصة للتكنولوجيا Private School مدرسة خاصة للتكوين المهني
In June 2025, Google confirmed it had fallen victim to a targeted cyberattack exploiting its Salesforce platform, orchestrated by the cybercriminal group known as ShinyHunters (UNC6040). The breach occurred while Google’s own security team was tracking similar attacks on other companies, revealing the sophistication of the operation.
The attackers used a vishing technique — voice phishing — to impersonate a Google employee and contact internal IT support. Through this manipulation, they secured a password reset and deployed a maliciously modified Salesforce Data Loader application, granting them access to a specific database containing business information about small and medium-sized enterprises. According to Google, the compromised data included company names, contact details, and other public or semi-public information, with no exposure of sensitive payment details, Google Ads accounts, or Analytics data.
The intrusion window was brief, and Google swiftly cut off access, conducted a forensic investigation, and sent notification emails to affected entities by August 8, 2025. Although the stolen data was not considered highly sensitive, cybersecurity experts warn that such information could still be leveraged for phishing, spear-phishing, and other targeted attacks in the future.
This incident highlights the persistent threat of social engineering, even against highly secure organizations. Experts recommend enforcing multi-factor authentication, limiting user privileges, regularly auditing third-party integrations such as Salesforce apps, and training employees to detect and report suspicious calls. As ShinyHunters continues to target major corporations worldwide, the Google breach serves as a reminder that human factors remain a critical vulnerability in cybersecurity.