Google confirms the stolen data in rape by the known hacker group

When a non -profit hospital or organization is a victim of a cyber attack, it is difficult to blame. Cybersecurity is not its strength, and many lack the budget for a dedicated security team, much less a technology director.

But when a technological giant like Google experiences a data violation, it raises serious questions. Is data safety reducing the company’s priority list? Or are the cybercriminals of today so advanced that even the main Google engineers are struggling to keep the pace?

This is what happened: Google recently confirmed that computer pirates stole customer data by violating one of their internal databases. The violation went to a system that used Salesforce, a popular cloud -based platform that companies use to manage customer relationships, store commercial contact information and track the interactions. The attack has been related to a known group of threats.

Register for my free Cyberguy report
Get my best technological tips, urgent security alerts and exclusive offers delivered directly to your inbox. In addition, you will get instant access to my final scam survival guide, free when I join me Cyberguy.com/newsletter

Dior data violation exposes the personal information of US clients

What you need to know about the rape of Google data

Google has confirmed that a piracy group known as Shinyhunters stole customer data from one of its Salesforce internal databases used to administer commercial customers relations. The company revealed the violation in a blog post published in early August, noting that stolen data included “basic and largely available commercial information, such as commercial names and contact data.”

What is artificial intelligence (AI)?

The rape was carried out by Shinyhunters, a well -known cybercriminal group formally tracked as UNC6040. The group has recently related to a series of high profile incidents that involve companies such as AT&T, Ticketmaster, Allianz Life and Pandora. In this case, the attackers went to the Salesforce System of Google vouchers, which the company uses to store contact information and notes about small and medium enterprises.

According to Google’s threat intelligence group, the attackers trusted voice phishing, or “splashes”, getting through the company’s employees on telephone calls to the support of IT and persuading them to restore the login credentials. This technique has proven effective against multiple organizations in recent months.

No company is safe from cyber attacks

Google did not specify how many clients were affected by rape. When comments were requested, a company spokesman told Cyberguy to the blog post and refused to give more details. Nor is it clear if Google has received any kind of rescue demand from the group.

Cisco, Qantas and Pandora have reported similar infractions in recent months, which now seem to be part of a broader campaign aimed at cloud -based customer relationship tools.

In its blog post, Google warned that Shinyhunters could be preparing a public filtration site. Ransomware gangs often use this tactic to extort companies, threatening to publish stolen data. According to reports, the group shares infrastructure and personnel with other cybercriminal groups, including the COM, which performs extortion campaigns and, in some cases, has issued threats of physical violence.

9 ways to stay safe from phishing and social engineering attacks

While organizations such as Google can be main objectives, people are often the weakest link that attackers explode. But with some intelligent practices, you can drastically reduce your risk.

1. Never share login credentials by phone

Google’s violation occurred because employees renounced confidential information through a phone call. No legitimate equipment will ask you to share your password or 2FA codes by phone. If someone does, it is a great red flag.

2. Always verify who is calling

If someone claims to be from the IT department of your company or a service provider, hang and call again using an official number. Never trust the number shown in the identification of calls.

3. Enable two factors authentication (2FA)

Even if the credentials are compromised, the authentication of two factors (2FA) can block unauthorized access by adding an additional security layer. He assures that a password alone is not enough to enter his accounts.

Get the News business on the fly by clicking here

4. Be careful with Phishing links too

Electronic emails and pHishing messages often include links that take it to false websites designed to steal their login credentials or personal information. These messages generally create a sense of urgency, asking you to verify an account, restore a password or claim a reward. Instead of clicking on the link, take a moment to inspect the message.

The best way to safeguard the malicious links is to have the antivirus software on all its devices installed. This protection can also alert it to the PHISHING Electronic Correos and Ransomware scams, maintaining their personal information and their safe digital assets.

Get my choices for the best 2025 antivirus protection devices for your Windows, Mac, Android and iOS devices in Cyberguy.com/Lockupyoutech

5. Use a data disposal service

Attackers can carry out phishing attacks, amordazos and splashes because their personal data is available online. The less publicly accessible, the more difficult it will be for them to create convincing scams.

While no service promises to eliminate all its Internet data, having an elimination service is excellent if you want to constantly monitor and automate the process of eliminating your information from hundreds of sites continuously for a longer period of time.

6. Keep your software and updated browsers

Attackers often exploit obsolete software with known vulnerabilities. Make sure your operating system, browsers, accessories and applications are always executing the latest version. Enable automatic updates whenever possible to avoid missing critical patches.

7. Use a password administrator with phishing detection

A good password administrator not only stores strong and unique passwords; You can also alert it if you are in a suspicious place. If your password administrator refuses to enter its login, it could mean that the site is false.

See the best password administrators reviewed by 2025 experts in Cyberguy.com/Passwords

8. Monitor your accounts for unusual activity

If you suspect a violation, observe your accounts for unauthorized session, emails for password restoration or other suspicious behavior. Configure alerts when possible. Many online services offer login notifications or panels that show a recent access history.

9. Inform Phishing attempts

If you receive an attempt from Vishing or Phishing, reprost it to the IT/Security Team of your Organization OA the appropriate government agency (as reportfraud.ftc.gov in the USA. UU.). Reports help close these scams faster and can protect others.

Click here to get the News application

Kurt key takeway

Although the data set forth in the case of Google can be limited, the violation highlights a persistent vulnerability in corporate systems: people. Shinyhunters seems to be increasingly effective to exploit that weakness. What is even more worrying is Vishing’s emergence, also known as voice phishing. Vishing is not new, but its growing success shows how fragile systems can be even defended when human error is involved.

How sure is in the training of cybersecurity awareness of your company? Get us knowing in Cyberguy.com/contact

Register for my free Cyberguy report
Get my best technological tips, urgent security alerts and exclusive offers delivered directly to your inbox. In addition, you will get instant access to my final scam survival guide, free when I join me Cyberguy.com/newsletter

Copyright 2025 Cyberguy.com. All rights reserved.