Google confirms data stolen in breach by known hacker group

When a hospital or nonprofit falls victim to a cyberattack, it’s hard to place blame. Cybersecurity isn’t their strength, and many lack the budget for a dedicated security team, let alone a chief technology officer.

But when a tech giant like Google suffers a data breach, it raises serious questions. Is data security slipping down the company’s priority list? Or are today’s cybercriminals so advanced that even Google’s top engineers are struggling to keep up?

Here’s what happened: Google recently confirmed that hackers stole customer data by breaching one of its internal databases. The breach targeted a system that used Salesforce, a popular cloud-based platform companies use to manage customer relationships, store business contact info, and track interactions. The attack has been linked to a known threat group.

 

 

What you need to know about Google data breach

Google has confirmed that a hacking group known as ShinyHunters stole customer data from one of its internal Salesforce databases used to manage business client relationships. The company disclosed the breach in a blog post published in early August, noting that the stolen data included “basic and largely publicly available business information, such as business names and contact details.”

The breach was carried out by ShinyHunters, a well-known cybercriminal group formally tracked as UNC6040. The group has recently been linked to a string of high-profile incidents involving companies such as AT&T, Ticketmaster, Allianz Life, and Pandora. In this case, the attackers targeted Google’s corporate Salesforce instance, a system the company uses to store contact information and notes about small and medium-sized businesses.

According to Google’s Threat Intelligence Group, the attackers relied on voice phishing, or “vishing,” impersonating company employees in phone calls to IT support and persuading them to reset login credentials. This technique has proven effective against multiple organizations in recent months.

No company is safe from cyberattacks

Google did not specify how many customers were affected by the breach. When asked for comment, a company spokesperson pointed CyberGuy back to the blog post and declined to elaborate. It is also unclear whether Google has received any sort of ransom demand from the group.

Cisco, Qantas, and Pandora have all reported similar breaches in recent months, which now appear to be part of a broader campaign targeting cloud-based customer relationship management tools.

In its blog post, Google warned that ShinyHunters may be preparing a public leak site. Ransomware gangs often use this tactic to extort companies, threatening to publish stolen data. The group reportedly shares infrastructure and personnel with other cybercriminal collectives, including The Com, which runs extortion campaigns and has, in some cases, issued threats of physical violence.

9 ways to stay safe from voice phishing and social engineering attacks

While organizations like Google may be prime targets, individuals are often the weakest link that attackers exploit. But with a few smart practices, you can dramatically reduce your risk.

 

1) Never share login credentials over the phone

The Google breach happened because employees gave up sensitive information over a phone call. No legitimate IT team will ever ask you to share your password or 2FA codes over the phone. If someone does, it’s a major red flag.

 

2) Always verify who’s calling

If someone claims to be from your company’s IT department or a service provider, hang up and call back using an official number. Never trust the number displayed on caller ID.

 

3) Enable two-factor authentication (2FA)

Even if credentials are compromised, two-factor authentication (2FA) can block unauthorized access by adding an extra layer of security. It ensures that a password alone isn’t enough to break into your accounts.

 

4) Beware of phishing links too

Phishing emails and messages often include links that take you to fake websites designed to steal your login credentials or personal information. These messages usually create a sense of urgency, asking you to verify an account, reset a password, or claim a reward. Instead of clicking the link, take a moment to inspect the message.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

One of the top solutions we recommend is Norton Antivirus Plus, which extends protection beyond just traditional virus scanning. While iPhones have strong built-in security, Norton adds an important extra layer by helping block malicious websites, phishing links, and unsafe downloads before they can cause harm. If you accidentally tap a bad link in an email, text message, or social media post, Norton helps prevent access to known dangerous sites using its continuously updated threat intelligence. If you are interested in a strong antivirus with phone customer service, we recommend Norton Antivirus Plus. This product includes:
  • Strong real-time protection against viruses, malware, ransomware and hacking attempts
  • AI-powered scam protection to help identify suspicious emails, texts and websites
  • Built-in password manager to securely store and manage logins
  • 2 GB PC cloud backup to help protect important files from ransomware or hardware failure
  • Smart firewall and phishing protection
COVERAGE
  • Protects 1, 3 or 5 devices
  • Available for Windows, macOS, Android and iOS
  • Includes real-time threat protection, smart firewall and phishing protection to guard against online attacks
Please note that the above product is the core antivirus product. Norton may try to upsell additional products, but we don’t recommend them. We encourage you to decline those offers.

 

5) Use a data removal service

Attackers are able to carry out phishing, smishing, and vishing attacks because your personal data is readily available online. The less of it that’s publicly accessible, the harder it becomes for them to craft convincing scams.

While no service promises to remove all your data from the internet, a removal service is useful if you want to monitor and automate the removal of your information from hundreds of sites over a long period of time.

Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.

Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.

  • Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
  • Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
  • The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.

6) Keep your software and browsers up to date

Attackers often exploit outdated software with known vulnerabilities. Make sure your operating system, browsers, plugins, and apps are always running the latest version. Enable auto-updates wherever possible to avoid missing critical patches.

 

7) Use a password manager with phishing detection

A good password manager doesn’t just store strong, unique passwords; it can also alert you if you’re on a suspicious site. If your password manager refuses to autofill your login, it could mean the site is fake.

One of the best password managers out there is NordPass. It is secure, user-friendly, and uses zero-knowledge architecture with military-grade XChaCha20 encryption to protect your data. NordPass works across Windows, macOS, Linux, Android, iOS, and major browsers and includes features like:
  • Unlimited password storage
  • Secure sharing
  • Password health reports
  • Auto-fill and emergency access
  • Data breach monitoring to alert you if your credentials have been exposed
  • A Security Dashboard with tools like the Data Breach Scanner and Password Health Checker to identify weak, reused, or compromised passwords
Use NordPass to check if your email or passwords have shown up in known data breaches, and take immediate action if they have.
 
 

8) Monitor your accounts for unusual activity

If you suspect a breach, watch your accounts for unauthorized logins, password reset emails, or other suspicious behavior. Set up alerts when possible. Many online services offer login notifications or dashboards that show recent access history.
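
A defender-side illustration of this monitoring advice, added here and not part of the original article: it flags a login from a never-before-seen address shortly after a help-desk password reset, the trace that the vishing technique described earlier would leave. The log format, event names, accounts and addresses are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, event, account, source IP.
SAMPLE_LOG = """\
2025-08-01T09:02:11Z login alice 198.51.100.10
2025-08-03T14:20:05Z helpdesk_password_reset alice -
2025-08-03T14:31:52Z login alice 203.0.113.77
2025-08-03T15:00:00Z helpdesk_password_reset bob -
2025-08-03T15:04:10Z login bob 192.0.2.44
2025-08-01T08:00:00Z login bob 192.0.2.44
2025-08-04T09:00:00Z helpdesk_password_reset dave -
2025-08-06T09:00:00Z login dave 203.0.113.9
this line is malformed and is skipped
"""

def parse(log):
    """Return events as (time, kind, user, ip) tuples in chronological order."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, kind, user, ip = parts
        try:
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        events.append((when, kind, user, ip))
    return sorted(events)

def reset_then_new_source(log, window=timedelta(hours=1)):
    """Flag logins from an unseen IP within `window` of a help-desk reset."""
    known_ips = {}   # user -> source IPs seen on earlier logins
    last_reset = {}  # user -> time of the most recent help-desk reset
    alerts = []
    for when, kind, user, ip in parse(log):
        if kind == "helpdesk_password_reset":
            last_reset[user] = when
        elif kind == "login":
            seen = known_ips.setdefault(user, set())
            reset_at = last_reset.get(user)
            if reset_at is not None and when - reset_at <= window and ip not in seen:
                alerts.append((user, ip, reset_at, when))
            seen.add(ip)
    return alerts

if __name__ == "__main__":
    for user, ip, reset_at, when in reset_then_new_source(SAMPLE_LOG):
        print(f"REVIEW {user}: reset at {reset_at}, login from new IP {ip} at {when}")
```

A legitimate first login after onboarding matches the same pattern, so treat a hit as a prompt to confirm the reset with the account owner through a known-good channel.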

 

9) Report phishing attempts

If you receive a vishing or phishing attempt, report it to your organization’s IT/security team or the appropriate government agency (like reportfraud.ftc.gov in the U.S.). Reporting helps shut down these scams faster and can protect others.

 

Kurt’s key takeaway

While the data exposed in Google’s case may be limited, the breach highlights a persistent vulnerability in corporate systems, which is people. And ShinyHunters appears to be getting increasingly effective at exploiting that. However, what I find most concerning is vishing. Also known as voice phishing, vishing isn’t new. But its growing success shows just how fragile even well-defended systems can be when human error is involved.

How confident are you in your company’s cybersecurity awareness training? Let us know in the comments below.

 

Copyright 2025 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.