Google’s Salesforce database system was breached by a group called ShinyHunters. Google has confirmed the attacks and states that general data, such as customer and company names, was leaked, but not passwords.
According to Google, its corporate Salesforce instances were impacted by UNC6040 activity. The instance was used to store contact information and related notes for small and medium businesses.
According to its own analysis, the hacker retrieved data during a small window of time before the access was cut off. “The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details,” the tech giant said on Aug. 5.
In a further update, Google said that the people or companies impacted by the hack were informed by email.
Google also believes the threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site.
This is a new tactic to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches.
Explaining the hack, the tech giant said that it involves a voice call to enroll a victim, which is initiated using Mullvad VPN IPs or TOR. Following this initial engagement, the data collection is automated and carried out through TOR IPs, a change that further complicates attribution and tracking efforts.
Google has observed that the threat actor shifted from creating Salesforce trial accounts using webmail email addresses to using compromised accounts from unrelated organizations to initially register their malicious applications.
Read more on Technology by NDTV Profit.