Google Falls Victim to Salesforce Scam It Discovered

In a surprising twist, Google, a tech giant known for its security measures, recently found itself ensnared in the same scam it uncovered just months prior. Back in June, Google had revealed a widespread scheme targeting Salesforce accounts. In the scam, attackers pose as IT personnel and fabricate urgent issues to convince employees to hand over access to their accounts.

This method, although simple, has proven alarmingly effective. Companies like Adidas, Qantas, Allianz Life, Cisco, and subsidiaries of LVMH—such as Louis Vuitton, Dior, and Tiffany & Co.—have fallen victim to this elaborate trick. The attackers' goal? Access valuable data to sell back to the original owners at exorbitant prices.

Exploiting Salesforce's feature that integrates third-party applications, these cybercriminals cleverly persuade employees to link external apps to their Salesforce accounts. Employees are usually coaxed into providing an eight-digit security code required to establish these connections, granting the hackers entry to the treasure trove of stored data.

It was only recently that Google disclosed its own Salesforce system had been compromised during these attacks. The breach occurred in June but remained undisclosed until the company presumably pieced together the full extent of the incident.

The data accessed consisted primarily of business information, most of it already public. Google suspects two groups: UNC6040, linked to the initial hacks, and UNC6042, associated with later extortion attempts under the moniker ShinyHunters. Reports suggest that ShinyHunters might escalate their tactics by launching a data leak site to increase pressure on their victims.

The incident is a stark reminder for Salesforce users everywhere. A comprehensive audit of account access is crucial, as is implementing multifactor authentication. Educating employees about such scams is vital to keeping sensitive data out of malicious hands.
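
One way to start the access audit recommended above, given that the scam works by getting employees to link external apps: list every third-party app authorization and rank the ones that are not on an approved list. This is an added example, not code from the article, Google, or Salesforce; the record layout, app names, users, dates, and allowlist are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one row per (user, connected app) authorization.
# Field names are assumed for this example, not taken from a Salesforce schema.
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app": "Corp Reporting", "authorized": "2025-01-10", "last_used": "2025-06-28"},
    {"user": "bob@example.com", "app": "HR Sync", "authorized": "2025-02-03", "last_used": "2025-06-27"},
    {"user": "carol@example.com", "app": "Ticket Helper", "authorized": "2025-06-20", "last_used": "2025-06-21"},
    {"user": "dave@example.com", "app": "ticket helper ", "authorized": "2025-06-22", "last_used": "2025-06-22"},
    {"user": "erin@example.com", "app": "Old Export Tool", "authorized": "2023-03-01", "last_used": "2023-04-01"},
]
APPROVED_APPS = {"corp reporting", "hr sync"}  # constructed allowlist, lowercase


def audit_grants(grants, approved, now, recent_days=30):
    """Group authorizations of unapproved apps and rank them for review."""
    by_app = defaultdict(list)
    for grant in grants:
        name = grant["app"].strip().lower()  # normalize before comparing
        if name not in approved:
            by_app[name].append(grant)

    cutoff = now - timedelta(days=recent_days)
    findings = []
    for name, rows in by_app.items():
        first = min(datetime.fromisoformat(r["authorized"]) for r in rows)
        last = max(datetime.fromisoformat(r["last_used"]) for r in rows)
        findings.append({
            "app": name,
            "users": sorted({r["user"] for r in rows}),
            "recent": first >= cutoff,        # first linked inside the window
            "still_active": last >= cutoff,   # access used inside the window
        })
    # Newly linked apps first, then apps whose access is still being used.
    findings.sort(key=lambda f: (not f["recent"], not f["still_active"], f["app"]))
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS, APPROVED_APPS, datetime(2025, 6, 30)):
        print(finding)
```
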