Google’s Salesforce Environment Compromised – User Information Exfiltrated

Google has confirmed that one of its corporate Salesforce instances was breached in June by sophisticated threat actors, resulting in the theft of contact information for small and medium businesses.

The incident highlights the growing threat of voice phishing attacks targeting enterprise cloud environments and demonstrates how social engineering tactics continue to evolve in sophistication and effectiveness.

The Breach Details

According to Google’s Threat Intelligence Group (GTIG), the attack was carried out by UNC6040, a financially motivated threat cluster specializing in voice phishing campaigns designed to compromise Salesforce instances for large-scale data theft.

The compromised instance contained contact information and related notes for small and medium businesses that work with Google.

Google’s security team responded rapidly to the incident, conducting a comprehensive impact analysis and implementing immediate mitigation measures.

The company’s investigation revealed that threat actors successfully retrieved data during a limited window ...