Hackers Accessed Salesforce Database for SMB Clients
Google revealed this week that a cybercriminal group known as ShinyHunters breached one of its internal Salesforce database systems. The compromised system stored contact details and related notes pertaining to small and medium-sized businesses (SMBs) that interact with Google’s services. The breach underscores the growing challenge of defending even major tech companies against persistent social engineering attacks.
According to a blog post published by Google on Tuesday, the hackers had access to the system for a limited period before the breach was detected and blocked. The company stated that most of the exposed information consisted of basic business data that was already publicly available. However, the incident highlights the vulnerabilities in enterprise software systems widely used by global corporations.
ShinyHunters’ Methods and Ongoing Campaign
ShinyHunters is known for using social engineering techniques, particularly voice phishing, to target employees. The group typically impersonates IT support personnel to trick victims into resetting passwords or authorizing the installation of malicious software. Once inside a system, ShinyHunters exfiltrates data and often returns months later to demand ransom payments, threatening to leak the stolen information if their demands are not met.
So far in 2025, ShinyHunters has been linked to several high-profile data breaches, including those affecting Qantas, Allianz Life, Louis Vuitton and Adidas. Each of these incidents involved vulnerabilities in Salesforce systems and exploited human error rather than technical flaws. The group’s continued success has made it one of the most prolific cyber threats currently facing corporate IT environments.
Impact and Response from Google
Google emphasized that the data breach was limited in scope and did not include highly sensitive or private user information. Nonetheless, the company acknowledged the seriousness of the incident and said that it had taken steps to secure the affected systems and prevent similar intrusions in the future.
The company did not disclose whether it had received a ransom demand from the attackers. This omission leaves open the possibility that negotiations or investigations are ongoing. Google’s security team is reportedly working with external cybersecurity experts to further analyze the breach and its potential implications for business partners.
Security Challenges Facing Enterprise Software Users
The breach highlights the broader security risks associated with third-party platforms like Salesforce, which are widely used to manage customer relationships and business data. As companies increasingly rely on cloud-based enterprise systems, they become more exposed to social engineering tactics that bypass technical defenses by exploiting human behavior.
With ShinyHunters targeting some of the world’s most recognized brands, the group’s activities reflect a broader trend in cybercrime: a pivot from direct malware attacks to more subtle and personalized infiltration strategies. Organizations are being urged to strengthen employee training, enhance access controls and monitor third-party integrations more closely.
