Google confirms data stolen in breach by known hacker group

When a hospital or nonprofit falls victim to a cyberattack, it’s hard to place blame. Cybersecurity isn’t their strength, and many lack the budget for a dedicated security team, let alone a chief technology officer.
But when a tech giant like Google suffers a data breach, it raises serious questions. Is data security slipping down the company’s priority list? Or are today’s cybercriminals so advanced that even Google’s top engineers are struggling to keep up?
Here’s what happened: Google recently confirmed that hackers stole customer data by breaching one of its internal databases. The breach targeted a system that used Salesforce, a popular cloud-based platform companies use to manage customer relationships, store business contact info, and track interactions. The attack has been linked to a known threat group.

What you need to know about the Google data breach
Google has confirmed that a hacking group known as ShinyHunters stole customer data from one of its internal Salesforce databases used to manage business client relationships. The company disclosed the breach in a blog post published in early August, noting that the stolen data included “basic and largely publicly available business information, such as business names and contact details.”
The breach was carried out by ShinyHunters, a well-known cybercriminal group formally tracked as UNC6040. The group has recently been linked to a string of high-profile incidents involving companies such as AT&T, Ticketmaster, Allianz Life, and Pandora. In this case, the attackers targeted Google’s corporate Salesforce instance, a system the company uses to store contact information and notes about small and medium-sized businesses.
According to Google’s Threat Intelligence Group, the attackers relied on voice phishing, or “vishing,” impersonating company employees in phone calls to IT support and persuading them to reset login credentials. This technique has proven effective against multiple organizations in recent months.

No company is safe from cyberattacks
Google did not specify how many customers were affected by the breach. When asked for comment, a company spokesperson pointed CyberGuy back to the blog post and declined to elaborate. It is also unclear whether Google has received any sort of ransom demand from the group.
Cisco, Qantas, and Pandora have all reported similar breaches in recent months, which now appear to be part of a broader campaign targeting cloud-based customer relationship management tools.
In its blog post, Google warned that ShinyHunters may be preparing a public leak site. Ransomware gangs often use this tactic to extort companies, threatening to publish stolen data. The group reportedly shares infrastructure and personnel with other cybercriminal collectives, including The Com, which runs extortion campaigns and has, in some cases, issued threats of physical violence.

9 ways to stay safe from voice phishing and social engineering attacks
While organizations like Google may be prime targets, individuals are often the weakest link that attackers exploit. But with a few smart practices, you can dramatically reduce your risk.
1) Never share login credentials over the phone
The Google breach happened because employees gave up sensitive information over a phone call. No legitimate IT team will ever ask you to share your password or 2FA codes over the phone. If someone does, it’s a major red flag.
2) Always verify who’s calling
If someone claims to be from your company’s IT department or a service provider, hang up and call back using an official number. Never trust the number displayed on caller ID.
3) Enable two-factor authentication (2FA)
Even if credentials are compromised, two-factor authentication (2FA) can block unauthorized access by adding an extra layer of security. It ensures that a password alone isn’t enough to break into your accounts.
4) Beware of phishing links too
Phishing emails and messages often include links that take you to fake websites designed to steal your login credentials or personal information. These messages usually create a sense of urgency, asking you to verify an account, reset a password, or claim a reward. Instead of clicking the link, take a moment to inspect the message.
The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
5) Use a data removal service
Attackers are able to carry out phishing, smishing, and vishing attacks because your personal data is readily available online. The less of it that’s publicly accessible, the harder it becomes for them to craft convincing scams.
While no service promises to remove all your data from the internet, a removal service is useful if you want to monitor and automate the removal of your information from hundreds of sites over a longer period of time.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
It also continues monitoring those sites and submits new removal requests if your data reappears.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
6) Keep your software and browsers up to date
Attackers often exploit outdated software with known vulnerabilities. Make sure your operating system, browsers, plugins, and apps are always running the latest version. Enable auto-updates wherever possible to avoid missing critical patches.
7) Use a password manager with phishing detection
A good password manager doesn’t just store strong, unique passwords; it can also alert you if you’re on a suspicious site. If your password manager refuses to autofill your login, it could mean the site is fake.
8) Monitor your accounts for unusual activity
If you suspect a breach, watch your accounts for unauthorized logins, password reset emails, or other suspicious behavior. Set up alerts when possible. Many online services offer login notifications or dashboards that show recent access history.
9) Report phishing attempts
If you receive a vishing or phishing attempt, report it to your organization’s IT/security team or the appropriate government agency (like reportfraud.ftc.gov in the U.S.). Reporting helps shut down these scams faster and can protect others.
Kurt’s key takeaway
While the data exposed in Google’s case may be limited, the breach highlights a persistent vulnerability in corporate systems, which is people. And ShinyHunters appears to be getting increasingly effective at exploiting that. However, what I find most concerning is vishing. Also known as voice phishing, vishing isn’t new. But its growing success shows just how fragile even well-defended systems can be when human error is involved.
How confident are you in your company’s cybersecurity awareness training? Let us know in the comments below.
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.