Home
News
You are here

Google suffers a serious data breach at the hands of a ransomware group

The bad actors are using voice phishing to pull off their malicious attacks.

1comment

By Alan Friedman

Published: Aug 08, 2025, 1:26 PM

Google

There has been a data breach involving one of Google's corporate databases, and data was obtained by the hackers. This was confirmed on August 5th by the Google Threat Intelligence Group (GTIG), which posted that the group responsible for the data breach had a connection to the ShinyHunters ransomware group. Google noted that the data stolen was "basic and largely publicly available business information, such as business names and contact details."

Google's Threat Intelligence Group reported on a data breach that ended up affecting Google itself

The MO of the ShinyHunters group makes the breach concerning. The ransomware group typically uses emails and phone calls to extort its victims, no later than three days after the targeted files have been compromised. Back in June, Google said that it "observed" the ShinyHunters group attacking multi-national companies to steal data from these firms' Salesforce platforms. Salesforce offers cloud-based services to help companies manage their relationships with customers, also known as Customer Relations Management (CRM).

Part of the Salesforce client that is used by the attackets to forge a connection with victims.

The bogus Data Loader requested an eight-digit code that connected the victim to the attacker. | Image credit-Google

GTIG said that the attacks targeted English-speaking employees working for Salesforce clients and used voice phishing to trick the employee into connecting a modified version of Salesforce's Data Loader application. The aforementioned English-speaking employees received phone calls from someone claiming to be IT support personnel, telling the targeted employee to accept a connection to the client application known as Salesforce Data Loader.

As its name suggests, this is a key tool used by administrators and developers at Salesforce looking to import, export, update, or delete a large amount of data. Because the organizations being targeted by the attackers are Salesforce clients and use its CRM platform, the request from the bad actors to install the Data Loader doesn't appear to be unusual. To connect the victim with the attackers, the latter persuades the victim on the phone to open the Salesforce Connect setup page and enter an 8-digit connection code. This connects the victim to the attacker.

Are attacks like this more prevalent than we know?

Yes. Only a small percentage of these attacks become public.

80.9%

No. These attacks rarely occur.

2.25%

It's hard to say.

16.85%

Google itself became a victim of this attack in June when one of its Salesforce CRM installations was breached and customer data stolen. Bleeping Computer spoke with ShinyHunters this past Wednesday and was told that it breached several Salesforce instances, including one related to a trillion-dollar company. The threat actor said that it might decide to just leak the data from that company instead of using it to extort the firm. It is not known for sure whether that company is Google, even though the description fits.

Other companies being attacked are extorted through email, with the threat actor demanding that they pay a ransom in order to keep the data from getting publicly leaked.

Google has been getting hit from all sides lately

The CEO of Closed Door Security, William Wright, said, "The news that Google has suffered a data breach in the recent wave of attacks executed by ShinyHunters highlights that no organization is immune to cybercrime. It doesn’t matter if you are a small business or one of the world’s leading technology firms, all organizations are vulnerable."

For Google, having to deal with a data breach that seeks to extort money from the search giant is just another hassle that the company has had to deal with lately. At the end of last month, the Ninth Circuit Court of Appeals ruled against Google's appeal thus upholding a jury verdict that called Google's Play Store app storefront an illegal monopoly. Additionally, the company is faced with the possibility of losing its search monopoly through the U.S. courts and also through the progression of technology.

With AI becoming more accessible through free apps and websites, many are turning to ChatGPT, Gemini, and other AI apps to get more detailed responses than those available from Google Search which is the leading search engine in the world with a market share approaching 90%.

$349

$799

$450 off (56%)

Mint Mobile now sells the Google Pixel 10 with a massive $450 discount. The promo is available on select color variants with 128GB of storage. You also get a 12-month unlimited data plan for $180 instead of $360.

Buy at Mint Mobile

$524

$999

$475 off (48%)

Grab the pro-grade, compact Pixel 10 Pro at Mint Mobile with a 12-month unlimited plan, and you can save a huge $475. The data plan comes with a discount, too: 50% off, to be exact.

Buy at Mint Mobile

$499

$1199

$700 off (58%)

The high-end Gemini AI-enhanced Pixel 10 Pro XL is now available with a mind-blowing discount. You can now save $700 on the phone, plus 50% off unlimited 12-month plans.

Buy at Mint Mobile

$1399

$1799

$400 off (22%)

The foldable Pixel 10 Pro Fold is another standout holiday offer. Right now, you can get the device for $400 off at Mint Mobile. On top of that, you save $180 on 12-month unlimited data plans.

Buy at Mint Mobile

View Full Bio

Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Read the latest from Alan Friedman