Ethical Hacking News
Google has confirmed a recent data breach affecting potential Google Ads customers' information and has attributed the incident to ShinyHunters and Scattered Spider. The breach exposed approximately 2.55 million data records, including business names and contact information.
Google revealed a data breach of one of its Salesforce CRM instances, exposing sensitive information of potential Google Ads customers. The breach, attributed to ShinyHunters and Scattered Spider, resulted in the theft of approximately 2.55 million data records. No payment information was compromised, but basic business contact information was exposed. ShinyHunters claimed to have developed a new custom tool to facilitate their attacks, using Python scripts instead of the Salesforce Data Loader app previously used. The threat actors used social engineering to obtain credentials or to trick employees into linking a malicious version of the Data Loader OAuth app. Google has recommended that its customers take immediate action to secure their Salesforce environments and protect sensitive data.
On August 9, 2025, at 03:15 PM, Google revealed that a recent data breach of one of its Salesforce CRM instances exposed the sensitive information of potential Google Ads customers. The breach, which has been attributed to threat actors known as ShinyHunters and their associates with Scattered Spider, resulted in the theft of approximately 2.55 million data records, including business names, phone numbers, and related notes.
The exposure was confirmed by a notification shared with BleepingComputer, which stated that the impacted data included basic business contact information and related notes used by Google sales agents to communicate with prospective Ads customers. Notably, payment information was not compromised in this breach, and there is no reported impact on Google Ads Account, Merchant Center, Google Analytics, or other related Ads products.
Threat actors known as ShinyHunters have been behind a wave of data theft attacks targeting Salesforce customers, and they claim to be working with Scattered Spider to conduct these illicit activities. In an interview with BleepingComputer, ShinyHunters revealed that the stolen information contains approximately 2.55 million data records, although it is unclear if there are any duplicate entries within this dataset.
ShinyHunters also claimed that they have developed a new custom tool to facilitate their attacks, which utilizes Python scripts instead of the Salesforce Data Loader app previously used. This new tooling has been acknowledged by Google, which has stated that it has seen evidence of these attacks in its threat intelligence operations.
In an ongoing series of attacks on Salesforce customers, ShinyHunters and Scattered Spider have used social engineering to obtain credentials or to trick employees into linking a malicious version of the Data Loader OAuth app to the target's Salesforce environment. Once inside, they download the entire Salesforce database and extort the companies via email, threatening to release the stolen data unless a ransom is paid.
The threat actors have sent an extortion demand to Google; it is unclear what will happen if the company does not comply. However, given their history of taunting companies by leaking stolen data for free after receiving payment, it's possible that they may choose to do so again in this instance as well.
According to BleepingComputer, this data breach is not an isolated incident and is part of a larger pattern of attacks on Salesforce customers by these threat actors. In June, Google's Threat Intelligence Group (GTIG) first reported the presence of these attacks, and in July, another company suffered a similar breach.
Databreaches.net has also documented other instances of ShinyHunters' activities, including recent attacks on Qantas, Allianz Life, and LVMH. The threat actors have become increasingly sophisticated, developing custom tools to make their attacks more efficient and targeted.
To combat this threat, Google recommends that its customers take immediate action to secure their Salesforce environments and protect sensitive data. This includes implementing robust security measures, such as multi-factor authentication and monitoring for suspicious activity.
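One way to approach the monitoring recommended above, as an added example that is not from Google, Salesforce or the original article: it scans an event log for an OAuth connected app whose ID is not on an allowlist, even when its display name reads "Data Loader", and for a large export soon after authorization. The log schema, app IDs, allowlist, row threshold and time window are all assumptions, and the sample events are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema
# (not a real Salesforce log export).
SAMPLE_EVENTS = """\
timestamp,event,user,app_id,app_name,rows
2025-06-02T09:00:00,oauth_authorize,alice,app-001,Data Loader,0
2025-06-02T09:05:00,api_query,alice,app-001,Data Loader,1200
2025-06-03T14:10:00,oauth_authorize,bob,app-9f3,Data Loader,0
2025-06-03T14:12:00,api_query,bob,app-9f3,Data Loader,480000
2025-06-03T14:20:00,api_query,bob,app-9f3,Data Loader,510000
2025-06-04T08:00:00,api_query,carol,app-002,Sales Dashboard,300
"""

APPROVED_APP_IDS = {"app-001", "app-002"}  # assumed allowlist, keyed by ID, not name
ROW_THRESHOLD = 100_000                    # assumed ceiling for rows pulled after a grant
WINDOW = timedelta(hours=1)                # assumed grant-to-export window

def find_suspicious_grants(log_text):
    """Return sorted (user, app_id, app_name, rows, reasons) for risky OAuth grants."""
    granted_at, names = {}, {}
    rows_after_grant = defaultdict(int)
    for rec in csv.DictReader(io.StringIO(log_text)):  # assumes chronological order
        key = (rec["user"], rec["app_id"])
        ts = datetime.fromisoformat(rec["timestamp"])
        if rec["event"] == "oauth_authorize":
            granted_at[key], names[key] = ts, rec["app_name"]
        elif rec["event"] == "api_query" and key in granted_at:
            if ts - granted_at[key] <= WINDOW:
                rows_after_grant[key] += int(rec["rows"])
    findings = []
    for key in granted_at:
        reasons = []
        if key[1] not in APPROVED_APP_IDS:
            reasons.append("connected app ID not on allowlist")
        if rows_after_grant[key] >= ROW_THRESHOLD:
            reasons.append("bulk export shortly after authorization")
        if reasons:
            findings.append((key[0], key[1], names[key], rows_after_grant[key], reasons))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_suspicious_grants(SAMPLE_EVENTS):
        print(finding)
```

Matching on the app ID rather than the display name is what catches the lookalike: both grants in the sample are named "Data Loader", but only one ID is approved.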
Furthermore, the incident highlights the importance of ongoing vigilance in the face of emerging threats from sophisticated cyberattack groups. As ShinyHunters continue to evolve and adapt their tactics, companies must remain proactive in defending against these types of attacks.
In conclusion, the recent data breach affecting potential Google Ads customers serves as a stark reminder of the ongoing threat landscape in the world of cybersecurity. While payment information was not compromised, sensitive business contact information was exposed, putting thousands of individuals at risk.
As ShinyHunters and Scattered Spider continue to wreak havoc on Salesforce customers, it is essential for companies to prioritize their security posture and take proactive steps to prevent similar breaches from occurring in the future.
The incident also underscores the importance of threat intelligence and continuous monitoring for detecting emerging threats. As these groups continue to adapt and evolve, it's crucial that organizations stay informed and prepared to defend against their tactics.
Ultimately, this data breach serves as a call to action for companies to re-evaluate their security measures and prioritize the protection of sensitive data.
In light of this incident, we will continue to monitor the situation closely and provide updates on any developments or emerging threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Google-Confirms-Data-Breach-Exposed-Potential-Google-Ads-Customers-Information-ehn.shtml
https://www.bleepingcomputer.com/news/security/google-confirms-data-breach-exposed-potential-google-ads-customers-info/
Published: Sat Aug 9 15:06:13 2025 by llama3.2 3B Q4_K_M