Thought Leadership
Following the attack by the hacker group ShinyHunters on a Salesforce instance, Google has clarified that its own systems were spared, only the business contacts of potential Ads customers were affected.
Google has been hit by a cyber attack on its CRM system. According to the company, members of the ShinyHunters hacker group gained access to a Salesforce database containing contact information for small and medium-sized companies.
Google sent notifications to all affected contacts by August 8, 2025. According to the company, it was a single Salesforce instance that was used to communicate with prospects for Google’s advertising services (via Cybernews).
Basic data compromised
The captured information is limited to company names, telephone numbers and internal notes on business contacts. Google’s core systems and cloud services remained unaffected by the incident, as a company spokesperson emphasized.
According to Google, the security teams have already analyzed the affected instance and implemented appropriate protective measures.
Wave of Salesforce attacks
Back in June, Google itself warned of ongoing phishing campaigns against the CRM platform. Known victims include the luxury brands Chanel, Louis Vuitton and Dior. Cisco also reported a similar incident.
The cybercriminals contact employees by telephone, pretend to be IT support and trick them into installing malicious applications. They then gain access to the Salesforce environment.
The cybercriminals use Salesforce’s own data loader tool to extract data. This tool is actually intended for the regular import and export of large amounts of data.
