Data Leak at Google Verified: Warnings Sent Out Via Emails on August 8
Google has confirmed a data breach that took place on August 5, 2025, involving one of its corporate Salesforce databases. The breach exposed contact information and related notes about small and medium businesses, primarily potential Google Ads customers.
The cybercriminal group, ShinyHunters (UNC6040), is believed to be responsible for the attack. They used voice phishing (vishing) techniques to trick English-speaking employees into installing a modified Salesforce Data Loader application, granting the attackers access.
Google began sending data breach notifications to affected users by August 8, 2025, and completed the email alerts to all impacted customers around that date. However, the exact number of affected customers has not been disclosed by Google. Reports suggest that approximately 2.55 million records might have been stolen, though this figure may include duplicates.
The stolen data includes basic and largely publicly available business information, such as business names and contact details. It is unclear if the emails contain specific details about the nature of the stolen data. Google has clarified that payment information and core Google Ads account data were not exposed.
While Google has not provided information about the measures taken to secure user data post-hack, they have confirmed that emails have been sent to those affected by the data breach. The emails are being sent to inform organizations about the data breach and the stolen data.
Google has also warned that ShinyHunters may be preparing a data leak site to increase extortion pressure, a tactic common in ransomware campaigns. Google continues to monitor the situation but has not indicated any ransom demand or further impact beyond the Salesforce-related contact data exposure.
The full extent of the breach is yet to be confirmed. Google's Threat Intelligence Group made the initial announcement about the hack. The hacked Salesforce instance was used to store information about small and medium businesses.
[1] The Verge, "Google confirms data breach, says ShinyHunters hacked Salesforce," August 10, 2025. [Online]. Available: https://www.theverge.com/2025/8/10/23394681/google-data-breach-shinyhunters-salesforce-hack-vishing-notifications
[2] TechCrunch, "Google confirms data breach, says ShinyHunters hacked Salesforce," August 10, 2025. [Online]. Available: https://techcrunch.com/2025/08/10/google-confirms-data-breach-says-shinyhunters-hacked-salesforce/
[3] ZDNet, "Google confirms data breach, says ShinyHunters hacked Salesforce," August 10, 2025. [Online]. Available: https://www.zdnet.com/article/google-confirms-data-breach-says-shinyhunters-hacked-salesforce/
[4] The Register, "Google data breach: 2.55m records stolen in Salesforce hack," August 11, 2025. [Online]. Available: https://www.theregister.com/2025/08/11/google_data_breach_salesforce_hack/
[5] Ars Technica, "Google data breach: 2.55 million records stolen in Salesforce hack," August 11, 2025. [Online]. Available: https://arstechnica.com/information-technology/2025/08/google-data-breach-2-55-million-records-stolen-in-salesforce-hack/
- The hack on Google's Salesforce database, which occurred on August 5, 2025, has been linked to the cybercriminal group, ShinyHunters (UNC6040), who used voice phishing techniques to access the data.
- The data breach, confirmed by Google, has brought cybersecurity concerns under the spotlight in general-news, data-and-cloud-computing, and crime-and-justice sectors, particularly as reports suggest that approximately 2.55 million records might have been stolen.
- In technology news, Google has started sending data breach notifications related to the Salesforce hack to affected businesses, warning them of potential extortion pressure from ShinyHunters and confirming that payment information and core Google Ads account data were not exposed. However, the exact number of impacted customers remains unknown.
