Google has confirmed a cybersecurity breach in which hackers accessed a corporate database containing business contact information.
The tech giant claimed that the attack was linked to UNC6040. This threat group is associated with the scandalous ShinyHunters ransomware operation.
Google Threat Intelligence Group (GTIG) noted that the breach affected a Salesforce instance storing “contact information and related notes for small and medium businesses.”
The breached data involves “basic and largely publicly available business information, such as business names and contact details.”
Sharing details of the incident, Google confirmed that the attack occurred in June and that the hacker “retrieved” data during the brief window of access.
The company has not shared any details regarding whether a ransom was demanded. But looking at previous patterns, ShinyHunters typically extort victims through email or phone, demanding Bitcoin payments within 72 hours.
Cybersecurity experts showed concern over the breach, noting that even big names like Google are vulnerable.
CEO of Lab, Robin Brattel, stated: “The speed at which organisations are falling victim to cyber attacks targeting Salesforce instances is nothing short of alarming. Hackers are using information that's already been made public, often from past data breaches, to target organisations.”
Adding to this, the CEO of Closed Door Security, noted: “It doesn’t matter if you are a small business or one of the world’s leading technology firms, all organizations are vulnerable.”
While discussing the reason for this breach, Jamie Akhtar, CEO of CyberSmart, stated: “The best technical defences in the world won’t protect you if a member of staff clicks on something they shouldn’t.”
