Google reports that it has suffered a data breach. This incident is the latest attack by the hacker group ShinyHunters, which has been targeting Salesforce CRM in recent months.
In June 2025, Google specialists warned that groups they track under the codenames UNC6040 and UNC6240 (also known as ShinyHunters) are attacking companies using social engineering and vishing (voice phishing). The hackers’ objective is to compromise Salesforce to gain access to customer data.
After stealing data, the attackers extort money from the affected companies, threatening to publish the stolen information if they fail to comply.
This week, the company updated its June publication and released a statement announcing that in June, Google itself fell victim to a similar attack: hackers managed to compromise one of the Salesforce CRM instances and stole customer data.
“In June, one of Google’s corporate Salesforce instances was affected by similar activity from UNC6040. Google responded to the incident by analyzing the impact and taking measures to mitigate it,” the statement reads. “This instance was used to store contact information and related notes for small and medium-sized businesses. The analysis revealed that data was extracted by the attackers within a short period before access was closed. The information obtained by the attackers was mostly limited to basic and publicly available data, such as company names and contact details.”
According to Bleeping Computer, these attacks are attributed to the long-standing hacker group ShinyHunters. In the past, this group has been known for attacks on Oracle Cloud, Snowflake, AT&T, NitroPDF, Wattpad, MathWay, and more.
Hackers have now confirmed in a conversation with journalists that they recently hacked a “trillion-dollar company” and are now considering the option of leaking the stolen data without extortion. However, ShinyHunters did not specify if they were referring to Google.
Typically, after a breach and data theft, attackers contact the affected organizations via email and demand a ransom. If negotiations fail, hackers may either publicly disclose the information or sell it on the darknet.
The publication notes that a recently unnamed company paid ShinyHunters 4 BTC (about $400,000 at the current exchange rate) to prevent a data breach.
In recent months, nearly identical data breaches have also affected: Adidas, Qantas Airlines, insurance company Allianz Life, several LVMH brands (Louis Vuitton, Dior, and Tiffany & Co), the Cisco.com website, as well as fashion house Chanel and Danish jewelry company Pandora.