TechRadar
Sead Fadilpašić

Google says hackers stole some of its data following Salesforce breach

  • Google has confirmed suffering a data breach
  • The attack was carried out by ShinyHunters, once again hijacking systems
  • The group apparently snuck into a Salesforce instance

Cybercriminals known as ShinyHunters (UNC6040) recently broke into Google and stole business customer information from one of its corporate Salesforce instances, the company has confirmed.

In a blog post breaking down ShinyHunters’ modus operandi, the company somewhat played down the importance of the incident, noting the miscreants didn’t really grab anything sensitive, or of particular value.

“In June, one of Google’s corporate Salesforce instances was impacted by similar UNC6040 activity described in this post,” the company said. “The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”

"Publicly available business information"

ShinyHunters is a threat actor that targets corporate Salesforce instances by impersonating company staff and calling IT support on the phone.

During the call, the attackers tell the IT technician that they have lost access to their work platform and manage to convince the technician to change the login credentials.

Although it might sound trivial, the technique seems to be working rather well, as multiple organizations have recently reported losing sensitive data to the same group, in the same manner.

Google did not say how many companies were affected by the breach, and declined to comment further. We don’t know if ShinyHunters reached out with a ransom demand in exchange for destroying the stolen files.

Currently, ShinyHunters is one of the most active threat actors, and probably among the most successful ones.

In recent weeks, the group managed to break into both Pandora and insurance giant Allianz Life, and has also taken credit for breaches at AT&T, Santander, Ticketmaster, and many others.

The group does not deploy an encryptor and instead focuses on data exfiltration, making it one of several ransomware groups that have recently pivoted away from encrypting files, a process that is apparently expensive and time-consuming.

Via TechCrunch
