What types of information were exposed in the Google breach?

The exposed data includes business names of small and medium-sized companies, contact details for business clients, and related notes and correspondence stored in the Salesforce system used for managing Google's SME customer relationships.

How many individuals or businesses were affected by the Google data breach?

Google has not disclosed the number of affected individuals and businesses in this data breach. The company only confirmed that small and medium-sized enterprises' information was compromised but did not provide specific figures on the scope of the incident.

Who is believed to be behind the Google cyberattack?

The attack has been attributed to ShinyHunters operatives, who used voice phishing techniques to impersonate IT support staff and trick Google employees. This group has been conducting similar attacks against multiple major organizations.

Is this Google breach part of a larger pattern of attacks?

Yes, this is another instance of the voice phishing attacks targeting Salesforce instances. The same attack pattern has also compromised other major companies including Cisco, Chanel, Pandora, KLM, and Air France using similar techniques.

When did the Google Salesforce breach occur?

The breach occurred in June 2025, when ShinyHunters operatives successfully used voice phishing techniques to trick a Google employee into authorizing a malicious connected application on the company's Salesforce portal.

Incident

Google confirms data breach of Salesforce instance via voice phishing attack

Q: What did the malicious application allow attackers to do?

Once authorized, the malicious app gave the cybercriminals capabilities to access, query, and steal sensitive information directly from Google's Salesforce customer environment. This allowed them to extract business data stored in the system without further authentication barriers.

Q: How did Google characterize the severity of the stolen data?

Google emphasized that the stolen data was 'confined to basic and largely publicly available business information' and that no more sensitive corporate or personal information was compromised during the breach. The company downplayed the sensitivity of the exposed information.

published: Aug. 6, 2025

Learn More

Google has confirmed that cybercriminals successfully breached one of its Salesforce instances systems and stole customer information.

The breach occurred in June 2025 and targeted a corporate Salesforce instance used to store contact information and related business notes for small and medium-sized enterpriss

The breach was accomplished through voice phishing techniques, where ShinyHunters operatives contacted Google employees while impersonating legitimate IT support staff. During these phone calls, the attackers successfully tricked a Google employee into authorizing the installation of a malicious connected application to the organization's Salesforce portal.

Once authorized, the malicious app gave the cybercriminals with capabilities to access, query, and steal sensitive information directly from Google's Salesforce customer environment. Exposed data includes:

Business names of small and medium-sized companies
Contact details for business clients
Related notes and correspondence stored in the Salesforce system

The number of affected individuals and businesses has not been disclosed by Google.

Google emphasized that the stolen data was "confined to basic and largely publicly available business information" and that no more sensitive corporate or personal information was compromised during the breach.

Security experts note that even seemingly basic business information can be valuable for crafting targeted phishing campaigns and social engineering attacks against the affected organizations.

Update - as of 10th of August, ShinyHunters hacking group claims to have stolen approximately 2.55 million data records. Google characterized the compromised information as "basic and largely publicly available business information" such as business names and contact details. Google has sent out user notifications by August 8, 2025.

As of 22nd August 2025, Google has confirmed that the breach exposed business information, contact data and related notes for small and medium-sized businesses that were prospective Google Ads customers.

The exposed data includes:

Business names
Phone numbers
Email addresses
Contact details
Related sales notes and agent communications
Prospect engagement information

Google notes that most of these information are public knowledge for businesses, but even so, has advised the users within the affected organizations to be careful about possible phishing, reset passwords to stronger credentials. This amounts up to 2.5 billion user accounts that may need to improve their individual security and be careful of phishing.

This is another instance of the voice phishing attacks targeting Salesforce instance which also compromised Cisco, Chanel and Pandora.

Google confirms data breach of Salesforce instance via voice phishing attack

Read More
MongoDB reports data breach at Atlas, customer metadata …
Life360 reports data breach of Tile tracking platform
ShinyHunters Group Claim Breach of Match Group, Leaks …
Alleged Data Breach at Australian Mining Software Firm …
Acer Philippines report third party data breach