In June 2025, hackers from the infamous ShinyHunters group infiltrated Google’s Salesforce database system through a sophisticated voice phishing (vishing) campaign. The breach, which primarily affected small and medium-sized businesses, exposed company names, emails, and phone numbers but did not compromise sensitive information such as passwords or financial data.
Google disclosed the incident in August, clarifying that the attack was not due to a technical flaw in Google or Salesforce systems. Instead, it relied on deceiving employees. Hackers impersonated trusted colleagues over phone calls, persuading staff to reset credentials and install malicious applications on corporate devices. This manipulation gave attackers short-term access to Salesforce data.
Google’s Threat Intelligence Group reported that the intrusion was identified and blocked within hours. All affected businesses were promptly notified, and incident response measures were implemented to mitigate risks. Salesforce also emphasized that the breach was caused by human error, not technological vulnerabilities.
ShinyHunters, also known as UNC6040, has a record of high-profile cyberattacks worldwide, often using stolen credentials to compromise cloud-based platforms. Experts warn that the exposed data could still be used for scams or extortion.
This breach underscores the growing importance of people-first cybersecurity. While advanced systems can prevent technical exploitation, human trust remains the most targeted vulnerability. Experts urge companies to invest in stronger employee training, access controls, and open dialogue around security. Building a culture of vigilance and empathy, rather than blame, is vital for resilience against evolving cyber threats.
