Google Confirms Data Breach Affecting Prospective Ads Customers
Google has confirmed a data breach involving prospective Google Ads customers. The incident, which occurred between January and August 2022, exposed business names, phone numbers, and related notes of Google sales agents. The breach was carried out by the threat actor ShinyHunters, also known as UNC6040.
Google's Threat Intelligence Group is tracking UNC6040, a financially motivated group that uses voice phishing to target Salesforce systems. The group exploited a data loss in Salesforce to gain access to the sensitive information. They employed social engineering tactics to steal credentials or link malicious Salesforce Data Loader OAuth apps, then proceeded to download entire databases and extort victims.
ShinyHunters initially demanded 20 BTC, roughly $2.3 million, from Google. However, they later claimed the breach was a prank. The group claimed to have accessed around 2.55 million records. Google has confirmed that financial data and Ads data in Google Ads Account, Merchant Center, Google Analytics, and other Ads products were not affected.
Google has confirmed the breach and is working to mitigate its impact. The company has not specified how many customers or businesses were affected. Google Ads customers are advised to remain vigilant and monitor their accounts for any suspicious activity.
