- By Alex David
- Sun, 10 Aug 2025 04:29 PM (IST)
- Source: JND
Google has officially confirmed that hackers stole business user data from one of its corporate databases. The cyberattack, linked to the notorious ShinyHunters ransomware group (UNC6040), targeted a Salesforce instance used to store contact information for small and medium-sized businesses.
What Happened in the Google Hack
In a post dated August 5, the Google Threat Intelligence Group revealed that the attack took place in June. The compromised database contained business names, contact details, and related notes—data Google describes as “basic and largely publicly available.”
No sensitive personal information seems to have been taken, but the hackers were able to access the data during the brief timeframe the system was vulnerable.
The attackers are thought to be linked to ShinyHunters, a cybercrime gang that specialises in extortion attacks, including sending email and phone warnings that demand Bitcoin payments within 72 hours.
Google’s Response
According to Google, the firm moved fast, performing an impact assessment, containing the breach, and publishing intelligence on UNC6040 to the broader security community. Google could not confirm whether a ransom had been demanded.
A spokesperson said everything public is in the blog post, but did not specify whether the affected organisations were notified as soon as the incident occurred.
Why This Matters for Businesses
Security experts stress that no organisation is immune to cyberattacks—whether you’re a small company or one of the world’s most secure tech giants.
- William Wright, CEO of Closed Door Security, cautioned that the delay in alerting the victims could have left them exposed for months.
- Jamie Akhtar, CyberSmart CEO, suggested that the breach could have been due to social engineering or human error, pointing out that even the best technical defences will fail if staff are manipulated into providing access.
- Dray Agha, security operations manager at Huntress, warned about third-party platforms such as Salesforce and advised companies to tightly control vendors with access to sensitive information.
Preventing Similar Attacks
Some experts point to credential-less authentication as a potential solution, making it impossible for attackers to exploit stolen or reset passwords. Federico Simonetti, CTO at Xiid, stressed that this should be seen as essential, not optional.
Others advocate a multilayered security approach: limited access, enhanced phishing awareness training, and 24/7 visibility of cloud services.
Should Customers Be Worried?
For now, experts agree that there’s no sign the stolen data poses a direct risk to customers. Since the compromised database contained largely public business information, the immediate fallout appears limited.
As Akhtar summed up: “Be cautious, but don’t panic.”