Google has confirmed that in June 2025, a hacker group known as ShinyHunters (tracked as UNC6040) breached one of its Salesforce corporate databases. The group’s action resulted in the theft of basic business contact information and notes related to small- and medium-sized enterprise clients.
(Source: ITPro News and TechRadar Pro)
In a blog post, Google stated that the threat actors used voice phishing (vishing) to trick employees into granting access via a fake connected app, which impersonated a legitimate Salesforce feature. Google stressed that the retrieved data was limited to publicly available business names and contacts, though the confidentiality of business communications remains a concern.
Source: [Washington Post via navlist not needed]
Industry-Wide CRM Security Risks
This breach is part of a broader pattern: Google’s update came shortly after similar Salesforce-based data thefts were uncovered at companies like Qantas, Allianz Life, LVMH, and Pandora, also attributed to ShinyHunters.
(Source: Daily Security Review and BleepingComputer)
Experts attribute the growing threat to voice phishing, combined with social engineering via counterfeit Salesforce apps, which allow attackers to evade traditional security protocols.
(Source: CSO Online)
