Google confirms data stolen in breach by known hacker group

When a hospital or nonprofit falls victim to a cyberattack, it's hard to place blame. Cybersecurity isn't their strength, and many lack the budget for a dedicated security team, let alone a chief technology officer.

But when a tech giant like Google experiences a data breach, it raises serious questions. Is data security slipping down the company's priority list? Or are today's cybercriminals so advanced that even Google's top engineers are struggling to keep up?

Here's what happened: Google recently confirmed that hackers stole customer data by breaching one of its internal databases. The breach targeted a system that used Salesforce, a popular cloud-based platform companies use to manage customer relationships, store business contact information and track interactions. The attack has been linked to a known threat group.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM/NEWSLETTER

DIOR DATA BREACH EXPOSES US CUSTOMERS' PERSONAL INFORMATION

Google has confirmed that a hacking group known as ShinyHunters stole customer data from one of its internal Salesforce databases used to manage business client relationships. The company disclosed the breach in a blog post published in early August, noting that the stolen data included "basic and largely publicly available business information, such as business names and contact details."

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

The breach was carried out by ShinyHunters, a well-known cybercriminal group formally tracked as UNC6040. The group has recently been linked to a string of high-profile incidents involving companies such as AT&T, Ticketmaster, Allianz Life and Pandora. In this case, the attackers targeted Google's corporate Salesforce system, which the company uses to store contact information and notes about small and medium-sized businesses.

According to Google's Threat Intelligence Group, the attackers relied on voice phishing, or "vishing," impersonating company employees in phone calls to IT support and persuading them to reset login credentials. This technique has proven effective against multiple organizations in recent months.

Google did not specify how many customers were affected by the breach. When asked for comment, a company spokesperson pointed CyberGuy back to the blog post and declined to elaborate. It is also unclear whether Google has received any sort of ransom demand from the group.

Cisco, Qantas and Pandora have all reported similar breaches in recent months, which now appear to be part of a broader campaign targeting cloud-based customer relationship management tools.

In its blog post, Google warned that ShinyHunters may be preparing a public leak site. Ransomware gangs often use this tactic to extort companies, threatening to publish stolen data. The group reportedly shares infrastructure and personnel with other cybercriminal collectives, including The Com, which runs extortion campaigns and has, in some cases, issued threats of physical violence. 

While organizations like Google may be prime targets, individuals are often the weakest link that attackers exploit. But with a few smart practices, you can dramatically reduce your risk.

The Google breach happened because employees gave up sensitive information over a phone call. No legitimate IT team will ever ask you to share your password or 2FA codes over the phone. If someone does, it's a major red flag.

If someone claims to be from your company's IT department or a service provider, hang up and call back using an official number. Never trust the number displayed on caller ID.

Even if credentials are compromised, two-factor authentication (2FA) can block unauthorized access by adding an extra layer of security. It ensures that a password alone isn't enough to break into your accounts.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Phishing emails and messages often include links that take you to fake websites designed to steal your login credentials or personal information. These messages usually create a sense of urgency, asking you to verify an account, reset a password or claim a reward. Instead of clicking the link, take a moment to inspect the message.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com/LockUpYourTech

Attackers are able to carry out phishing, smishing and vishing attacks because your personal data is readily available online. The less of it that's publicly accessible, the harder it becomes for them to craft convincing scams.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

Attackers often exploit outdated software with known vulnerabilities. Make sure your operating system, browsers, plugins and apps are always running the latest version. Enable auto updates wherever possible to avoid missing critical patches.

A good password manager doesn't just store strong, unique passwords; it can also alert you if you're on a suspicious site. If your password manager refuses to autofill your login, it could mean the site is fake.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

If you suspect a breach, watch your accounts for unauthorized logins, password reset emails or other suspicious behavior. Set up alerts when possible. Many online services offer login notifications or dashboards that show recent access history.

If you receive a vishing or phishing attempt, report it to your organization's IT/security team or the appropriate government agency (like reportfraud.ftc.gov in the U.S.). Reporting helps shut down these scams faster and can protect others.

While the data exposed in Google's case may be limited, the breach highlights a persistent vulnerability in corporate systems: people. ShinyHunters seems to be getting more effective at exploiting that weakness. What's even more concerning is the rise of vishing, also known as voice phishing. Vishing isn't new, but its growing success shows just how fragile even well-defended systems can be when human error is involved.

How confident are you in your company's cybersecurity awareness training? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM/NEWSLETTER 

Copyright 2025 CyberGuy.com.  All rights reserved.