Google has confirmed a significant security breach after hackers tied to the notorious ShinyHunters group infiltrated its corporate Salesforce databases. 
The cyberattack, which took place in June 2025, exposed weaknesses in Google’s supply chain security and compromised business contact information, though no sensitive consumer or payment data was taken.
According to Google’s Threat Intelligence Group (GTIG), the attackers-also known as UNC6040-used a sophisticated voice phishing scheme. By posing as members of Google’s internal IT team, they persuaded employees to install a tampered version of Salesforce’s Data Loader tool. This gave them access to corporate databases before the intrusion was detected.
While the breach did not touch Google’s core systems or steal personal user data, cybersecurity analysts warn it still carries serious risks. The stolen business contact details could be exploited in future phishing campaigns or serve as a stepping stone for more damaging attacks.
ShinyHunters has a history of demanding ransoms, though Google has not disclosed any such demands in this case. What makes the incident especially concerning is that Google’s own security researchers had been tracking ShinyHunters’ activities beforehand, yet the attackers still found a way in. This underlines a hard truth: even the most prepared tech giants can be blindsided by well-executed social engineering tactics.
Experts say this breach serves as a reminder that cybersecurity is not just about defending core infrastructure-it’s also about safeguarding every link in the supply chain. For organizations worldwide, the lesson is clear: vigilance must extend far beyond the obvious targets.