Leak at Google
In August 2025, Google confirmed that a Salesforce CRM instance holding contact data for small-business Google Ads prospects was breached by ShinyHunters (UNC6040) via a vishing attack, exposing roughly 2.55 million records of business names, emails and phone numbers.
- Victim
- records
- 2.5M
On 13 August 2025, Google β the technology and advertising giant β confirmed that one of its corporate Salesforce instances had been breached, exposing the contact records of small and medium-sized businesses listed as Google Ads prospects.
The intrusion was the work of the ShinyHunters group (tracked by Google as UNC6040), part of a wider campaign that hit Salesforce customers throughout 2025. Rather than exploiting a software flaw, the attackers used social engineering: posing as IT support over the phone (vishing), they convinced an employee to authorize a malicious version of Salesforce's Data Loader application, which let them siphon data from the CRM. The breach itself occurred in June 2025 and was publicly disclosed in early August.
Roughly 2.55 million records were taken. Google stressed that the exposed data was limited to basic, largely public business information:
- Company / business names
- Professional email addresses
- Phone numbers
- Associated CRM notes
No passwords, payment data or Gmail / Google account content were involved. Google said it cut off the attackers' access after a short window and declined to pay the ransom reportedly demanded by ShinyHunters. The same campaign claimed numerous other victims, including Cisco, Adidas, Qantas, Allianz Life, Dior, Louis Vuitton, Tiffany & Co. and Pandora.
Sources
- 01net.comhttps://www.01net.com/actualites/fuite-donnees-chez-google-255-millions-dinformations-piratees.html
- safecode.frhttps://safecode.fr/fuite-donnees-google-shinyhunters-salesforce-piratage/
- freenews.frhttps://www.freenews.fr/actu-du-net/gafam/fuite-donnees-google-attaque-2025
- lemagit.frhttps://www.lemagit.fr/actualites/366629178/Cyberattaques-la-campagne-ciblant-les-clients-de-Salesforce-sintensifie