Google Salesforce Breach Spreads to More Firms

Google confirmed that its Salesforce database for small and medium business customers was breached in June 2025 by the hacker group ShinyHunters, also known as UNC6040. The attackers used advanced voice phishing (vishing) tactics to gain access and stole basic business contact information, which was largely publicly available. Google and security experts stated that no sensitive or confidential data was involved, and there is no public disclosure of the number of affected customers or any ransom demand. The breach is part of a wider campaign targeting Salesforce CRM systems at major firms including Cisco, Qantas, and Allianz Life, with extortion attempts and potential data leaks. Google has implemented mitigation steps and warned that similar attacks may impact more organizations. The incident underscores the rising risk of social engineering threats to cloud-based CRM systems and highlights the importance of access controls and employee training.