The notorious hacking group ShinyHunters has successfully broken into Google and stolen business customer information, the company confirmed. The hackers targeted one of Google’s corporate Salesforce databases, a tool used to manage customer relationships.
In a blog post, Google tried to downplay the incident, saying the hackers only managed to grab “basic and largely publicly available business information, such as business names and contact details.” The company did not say how many businesses were affected.
ShinyHunters is a particularly clever group. Their method is surprisingly simple: they call up a company’s IT support, pretend to be an employee who has lost their login info, and trick the IT tech into resetting the password. This low-tech “social engineering” trick has proven to be incredibly effective, and the group has used it to breach several major companies.
In just the last few weeks, ShinyHunters has hit the music streaming service Pandora and the insurance giant Allianz Life. They have also taken credit for massive data breaches at AT&T, Santander, and Ticketmaster, making them one of the most active and successful hacking groups in the world right now.
Unlike traditional ransomware gangs, ShinyHunters doesn’t bother with locking up a company’s files. Instead, they focus entirely on stealing sensitive data and then likely demanding a ransom to keep it private.
