In June 2025, hackers from the notorious ShinyHunters group successfully infiltrated Google’s Salesforce database system using a sophisticated voice phishing (vishing) campaign. The breach, affecting mainly small and medium-sized business clients, allowed attackers to access business contact details, such as company names, emails, and phone numbers.

Google publicly disclosed the incident in August, assuring all stakeholders that no sensitive customer data-like passwords or financial information-was compromised. The hack did not exploit a technical flaw in either Google or Salesforce but relied on deceiving employees into granting access. Authorities have yet to report any received ransom demands, but warnings have surfaced about possible future extortion using leaked information.

Human Element at the Heart of the Attack

The attack on Google’s Salesforce environment underlines a growing trend in cybercrime: targeting the human factor over technological vulnerabilities. According to Google’s Threat Intelligence Group, ShinyHunters hackers used impersonation techniques, phoning IT staff and other employees while masquerading as trusted colleagues. By deploying convincing social engineering, the attackers persuaded victims to reset credentials and install malicious applications on their corporate devices, effectively opening a limited-time gateway to sensitive systems.

Google acted swiftly, identifying and blocking the intrusion within hours and immediately notifying all affected companies. Officials clarified that the compromised data was restricted to publicly available business contact details, and that any potential impacts were mitigated by Google’s incident response measures. Salesforce, Google’s cloud service partner, reiterated that the breach resulted from human error, not a flaw in their technology or software.

Wider Risks and the ShinyHunters Playbook

The ShinyHunters group, also known as UNC6040 in cybersecurity circles, is infamous for a string of high-profile attacks on major corporations worldwide, often followed by ransom demands. Their preferred method involves using compromised credentials-sometimes obtained through unrelated breaches-to springboard new attacks, leveraging cloud-based productivity and customer management platforms popular among large and midsize firms.

Google’s incident is hardly isolated: brands like Qantas, Adidas, Cisco, and luxury retailers have recently faced similar targeting via their Salesforce and related cloud infrastructure.

What sets the Google attack apart is both the scale of the initial data exposed—affecting contact details for an unknown number of businesses—and the potential for further extortion or scams if ShinyHunters chooses to publish the acquired information. Companies using cloud-based tools are being urged to strengthen access controls, enhance employee training, and regularly review incident response protocols to keep pace with evolving threats.

Corporate and Community Responsibility

Both Google and Salesforce have tried to reassure customers by providing detailed communications, promising enhanced monitoring and guidance, and reinforcing that the attack stemmed from person-to-person manipulation rather than any systemic security failure. Nonetheless, the breach has caused concern among stakeholders about data privacy, trust in major technology platforms, and the growing sophistication of cybercrime syndicates.

There is increasing pressure on companies not only to keep up technologically, but to foster cultures of vigilance-where employees feel empowered to challenge suspicious requests, and colleagues support rather than blame each other in the aftermath of an incident. The need for empathy, procedural clarity, and open dialogue around security is more urgent than ever, especially as digital systems become further intertwined with everyday business operations.

The Logical Indian’s Perspective

The Google-Salesforce breach highlights the importance of people-first cybersecurity policies. No matter how robust technological barriers become, the entrances left open by human error or misplaced trust remain the most exploited.

Instead of blaming individuals, organisations must invest in education, dialogue, and empathy, nurturing teams who feel safe raising alarms and asking for help. As ShinyHunters escalate their campaigns, it is a collective responsibility to create resilient, supportive workplaces where security is everyone’s business.