Google revealed that cybercriminals from the UNC6040 group, linked to ShinyHunters, breached its Salesforce database, exposing business contact information. The threat actors used social engineering and may be planning to launch a data-leak site to escalate extortion tactics. #ShinyHunters #UNC6040 #SalesforceBreach
Keypoints
- The breach involved a Salesforce database containing contact info for SMB customers.
- Google linked the attack to the cybercriminal group UNC6040, associated with ShinyHunters.
- The intrusion occurred in June and was limited to publicly available business information.
- Threat actors might develop a data-shaming site to enhance extortion efforts.
- ShinyHunters previously targeted Snowflake, Dior, Chanel, Pandora, and possibly Allianz.
Read More: https://www.theregister.com/2025/08/06/google_salesforce_attacks/