{“lastseen”:”2025-08-07T12:04:46″,”description”:”At the heart of multiple data breaches against sophisticated and robust companies, including Google, Adidas, Louis Vuitton, and Chanel, was a rudimentary attack method that required little technical finesse\u2014making a phone call.\\n\\nBy disguising themselves as IT support personnel on the phone, hackers belonging to the group \u201cShinyHunters\u201d successfully tricked the employees at several multinational corporations into handing over the data within their own Salesforce platforms. The attacks underscore the vulnerability that all businesses face\u2014large or small\u2014in preventing cyberattacks that begin through basic social engineering scams.\\n\\nIn a bizarre twist of irony, security researchers at Google Threat Intelligence Group (GITG) originally uncovered the hacking campaign in June, only to announce that Google itself had been hit by the very same tactic this week. Other victims in the hacking campaign include Allianz Life, the airline Qantas, and the jeweler Pandora.\\n\\nThe data breaches all leverage a Salesforce feature that allows users to connect to various, external apps. This functionality allows business owners and employees to, for instance, connect their Salesforce data to mapping tools to visualize the locations of a customer base, or to connect their Salesforce data with a newsletter platform to deliver email marketing campaigns to specific customer segments. \\n\\nIn the attacks, the hackers trick employees into connecting to a fraudulent version of Salesforce\u2019s \u201cData Loader\u201d app, which lets users import, export, update, and delete large quantities of data that are stored or managed within Salesforce itself. The process for connecting to an external app is simple, as employees just enter an 8-digit code when prompted by Salesforce. But once ensnared in the phone scam, employees are tricked into entering an 8-digit code that will connect to a data exfiltration program owned and operated entirely by the hackers.\\n\\nOnce connected, the hackers are free to roam inside the company\u2019s Salesforce data and steal what they see fit. Some attacks reportedly included an expansion by the hackers into other corporate online accounts, including Microsoft 365, which could reveal a company\u2019s emails and other sensitive messages.\\n\\nIn the attack against Google, the hackers accessed a Salesforce \u201cinstance,\u201d which is a term used to describe a company or user\u2019s implementation of software and the data they manage through that software (Think of it like when a hacker breaches an online account and then pilfers all the data related to that account and what it can access). In the Google attack, the Salesforce instance \u201cwas used to store contact information and related notes for small and medium businesses.\u201d\\n\\n\u201cAnalysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off,\u201d Google said. \u201cThe data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.\u201d\\n\\nAccording to the outlet Bleeping Computer, the ShinyHunters cybercrime group is still stealing business data through this attack campaign. Once the hackers have the data, they then extort the victims to pay a hefty ransom or risk having the data exposed online.\\n\\n## **How to stay safe from the Salesforce scam**\\n\\nBecause this attack is so targeted\u2014every corporate victim uses Salesforce\u2014the defense strategies are clear and actionable. Here\u2019s how you can help yourself and your staff in avoiding this attack.\\n\\n * **Audit your Salesforce access**. Ensure that the only employees or staff who have access to Salesforce are those who need to use it for their job. When there are fewer employees who can access Salesforce, there are fewer entry points for hackers.\\n * **Train your staff**. Recognizing a social engineering scam is important for any workforce, no matter the size. Inform your employees and yourself about your current IT support provider so that any rogue phone calls are immediately caught.\\n * **Use multifactor authentication (MFA) for important accounts**. The hackers in these attacks managed to gain access to other cloud applications like Microsoft 365. Protect all your employee accounts on sensitive platforms with MFA.\\n\\n\\n\\nSocial engineering scams are some of the most effective and serious threats to small businesses. It\u2019s important to recognize them when they happen. And for all else, use always-on cybersecurity to protect your business from malware, viruses, and nefarious break-in attempts.”,”published”:”2025-08-07T10:56:18″,”modified”:”2025-08-07T10:56:18″,”type”:”malwarebytes”,”title”:”How Google, Adidas, and more were breached in a Salesforce scam”,”source”:””,”references”:””,”id”:”MALWAREBYTES:8F2BB9CB913663C2A61A4563D3F9EAE4″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/08\/how-google-adidas-and-more-were-breached-in-a-salesforce-scam”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-08-07T12:04:46″,”description”:”At the heart of multiple data breaches against sophisticated and robust companies, including Google, Adidas, Louis Vuitton, and Chanel, was a rudimentary attack method that…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-10052","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n