Google has confirmed that it was recently impacted by the same wave of Salesforce CRM data theft attacks that have been affecting multiple high-profile companies, part of an ongoing campaign attributed to the ShinyHunters extortion group.
The company disclosed that in June 2025, one of its corporate Salesforce instances was compromised during a targeted attack classified internally as the work of threat actor “UNC6040” (also referred to as “UNC6240”). The attackers used voice phishing (vishing) techniques to breach employee accounts, gaining access to Salesforce data containing customer contact information for small and medium-sized businesses.
Data Exposure Details
According to Google’s statement, the stolen data consisted primarily of business names, contact details, and related notes, most of which was considered basic or publicly available information. The unauthorized access lasted for only a brief period before Google identified the intrusion and cut off the attackers, followed by a full impact assessment and mitigation measures.
ShinyHunters’ Role in the Campaign
While Google referred to the actors as UNC6040, cybersecurity sources and BleepingComputer’s ongoing investigation indicate that the ShinyHunters group is behind this broader campaign. ShinyHunters is a well-known threat actor responsible for numerous high-profile breaches in recent years, including attacks on Snowflake, AT&T, Wattpad, Oracle Cloud, and PowerSchool.
The group has reportedly breached multiple Salesforce instances across global enterprises and is actively extorting victims. Companies are being contacted via email with ransom demands to prevent the public release of stolen data. One victim reportedly paid 4 Bitcoin, which is at this period in time approximately $400,000, to keep its information from being leaked.
Additional Victims and Extortion Activity
Other companies known to be affected in the ongoing attacks include Adidas, Qantas, Cisco, Allianz Life, and luxury brand subsidiaries of LVMH such as Louis Vuitton, Dior, and Tiffany & Co. ShinyHunters has indicated that once private extortion attempts are completed, the group intends to leak or sell the stolen data on underground forums.
How Can Netizen Help?
Founded in 2013, Netizen is an award-winning technology firm that develops and leverages cutting-edge solutions to create a more secure, integrated, and automated digital environment for government, defense, and commercial clients worldwide. Our innovative solutions transform complex cybersecurity and technology challenges into strategic advantages by delivering mission-critical capabilities that safeguard and optimize clients’ digital infrastructure. One example of this is our popular “CISO-as-a-Service” offering that enables organizations of any size to access executive level cybersecurity expertise at a fraction of the cost of hiring internally.
Netizen also operates a state-of-the-art 24x7x365 Security Operations Center (SOC) that delivers comprehensive cybersecurity monitoring solutions for defense, government, and commercial clients. Our service portfolio includes cybersecurity assessments and advisory, hosted SIEM and EDR/XDR solutions, software assurance, penetration testing, cybersecurity engineering, and compliance audit support. We specialize in serving organizations that operate within some of the world’s most highly sensitive and tightly regulated environments where unwavering security, strict compliance, technical excellence, and operational maturity are non-negotiable requirements. Our proven track record in these domains positions us as the premier trusted partner for organizations where technology reliability and security cannot be compromised.
Netizen holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC registrations demonstrating the maturity of our operations. We are a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) certified by U.S. Small Business Administration (SBA) that has been named multiple times to the Inc. 5000 and Vet 100 lists of the most successful and fastest-growing private companies in the nation. Netizen has also been named a national “Best Workplace” by Inc. Magazine, a multiple awardee of the U.S. Department of Labor HIRE Vets Platinum Medallion for veteran hiring and retention, the Lehigh Valley Business of the Year and Veteran-Owned Business of the Year, and the recipient of dozens of other awards and accolades for innovation, community support, working environment, and growth.
Looking for expert guidance to secure, automate, and streamline your IT infrastructure and operations? Start the conversation today.
