Google confirms breach, user data stolen in widespread vishing attack

Google has confirmed that it was the victim of a data breach, with the attackers successfully stealing user data from one of the company's corporate databases. The breach, which occurred in June, was part of a larger campaign of attacks against numerous companies, including Cisco and several high-profile brands.

According to statements from Google's Threat Intelligence Group (GTIG), the incident was not the result of a vulnerability in Google's systems, but rather a sophisticated "vishing" or voice phishing attack.

The hackers, identified as the ShinyHunters gang, used social engineering tactics to manipulate an employee and gain unauthorized access to a Salesforce customer relationship management (CRM) instance.

• The compromised database contained basic and largely publicly available business information.

• This included contact details and related notes for Google's small and medium-sized business customers.

• It also covered prospective Google Ads clients.

Google has emphasized that no sensitive data, such as passwords or payment information, was exposed, and there was no impact on Google Ads accounts or other core products.

The breach is particularly notable as it targeted Google's own CRM, which was the very same type of attack that GTIG had warned about in an earlier blog post. The threat actors behind the campaign have reportedly used similar tactics to breach and extort other major companies, including Adidas, Allianz Life, Dior, and Louis Vuitton.

Following the data theft, the ShinyHunters group has been attempting to extort Google and other victims, demanding a ransom in Bitcoin to prevent the stolen data from being leaked publicly. Google has not commented on whether it has paid the ransom.

The incident serves as a stark reminder that even the world's most technologically advanced companies are not immune to attacks that exploit human error and social engineering.