Shinyhunters break Google with the help of voice fishing -attack
NEWYou can now listen to Fox News articles!
When a hospital or non -profit falls victim to a cyber attack, it is difficult to blame. CyberSecurity is not their strength, and many miss the budget for a dedicated security team, let alone a Chief Technology Officer.
But when a technology giant like Google experiences a data breach, this raises serious questions. Is data security the priority list of the company? Or are today’s cyber criminals so advanced that even the best engineers of Google have difficulty keeping up?
This is what happened: Google recently confirmed that Hackers have stolen customer data by violating one of the internal databases. The infringement was aimed at a system that used Salesforce, a popular cloud -based platform companies that used to manage customer relationships, to store business contact details and keep track of interactions. The attack is linked to a well -known threat group.
Register for my free Cyberguy report
Receive my best technical tips, urgent security warnings and exclusive deals that are delivered directly in your inbox. Moreover, you get direct access to my ultimate Survival guide for scam – free if you become a member of my Cyberguy.com/newsletter
Dior Data Breach exposes the personal information of American customers
A Google board on the side of a building (Kurt “Cyberguy” Knutsson)
What you need to know about Google DataGag
Google has confirmed that a hacking group that is known as shiny Hunters has stolen customer data from one of the internal Salesforce databases that are used to manage business relationships. The company unveiled the infringement in a blog post that was published at the beginning of August and noted that the stolen data “includes basic and largely publicly available business information, such as company names and contact details.”
What is artificial intelligence (AI)?
The infringement was carried out by Shinyhunters, a well -known cyber criminal group that formally followed as UNC6040. The group has recently been linked to a series of high -profile incidents with companies such as AT&T, Ticketmaster, Allianz Life and Pandora. In this case, the attackers focused on the Salesforce System company from Google, which the company uses to save contact information and comments about small and medium -sized companies.
According to the Google’s Threat Intelligence Group, the attackers relied on Spraakphishing or “Vishing”, who presented business staff in phone calls to support and convince IT support to reset login data. This technique has proved effective against several organizations in recent months.
A man who uses the Google search engine on his laptop (Kurt “Cyberguy” Knutsson)
No company is safe for cyber attacks
Google has not indicated how many customers were influenced by the infringement. When he was asked for comment, a spokesperson for the Cyberguy company pointed back to the blog post and refused to work it out. It is also unclear whether Google has received any form of ransom from the group.
In recent months, Cisco, Qantas and Pandora have all reported similar infringements, which now appear to be part of a broader campaign that focuses on cloud -based customer relationship management tools.
In his blog post, Google warned that Shinyhunters may prepare a public leks site. Ransomware -gangs often use this tactic to squeeze companies and are in danger of publishing stolen data. The group reportedly shares infrastructure and staff with other cyber criminal collectives, including the COM, which carries out extortion campaigns and in some cases has issued threats of physical violence.
Google search engine (Kurt “Cyberguy” Knutsson)
9 ways to stay safe against speech fishing and social engineering attacks
Although organizations such as Google may be excellent goals, individuals are often the weakest link that attackers exploit. But with a few smart practices, you can dramatically reduce your risk.
1. Never share login details over the telephone
The Google infringement happened because employees provided sensitive information via a phone call. No legitimate IT team will ever ask you to share your password or 2FA codes over the phone. If someone does that, it’s a big red flag.
2. Always check who is calling
If someone claims to be the IT department of your company or a service provider, hang up and call back with an official number. Never trust the number that is displayed on caller -id.
3. Switch on two-factor authentication (2FA)
Even if references are affected, two -factor authentication (2FA) can block unauthorized access by adding an extra layer of security. It ensures that a password is not enough to break into your accounts.
Get Fox Business on the Go by clicking here
4. Watch also for phishing -links
Phible -e -Mails and Messages often contain links that take you to fake websites that are designed to steal your login details or personal information. These messages usually create a sense of urgency and ask you to verify an account, reset a password or claim a reward. Instead of clicking on the link, take the time to inspect the message.
The best way to protect yourself against malignant links is to have antivirus software installed on all your devices. This protection can also warn you about phishing -e -mails and ransomware -scam, so that your personal information and digital assets are kept securely.
Get my choices for the best winners of the 2025 antivirus protection for your Windows, Mac, Android and iOS devices at Cyberguy.com/lockupyourtech
5. Use a data removal service
Attackers are able to perform phishing, Smishing and Vishing attacks, because your personal data is available directly online. The less the public is accessible, the harder it gets for them to make convincing scams.
Although no service promises to remove all your data from the internet, having a deletion service is great if you want to constantly follow and automate the process of deleting your information from hundreds of sites for a longer period.
View my top choices for data removal services and receive a free scan to find out if your personal information is already on the internet by visiting Cyberguy.com/delete
Get a free scan to find out if your personal information is already on the internet: Cyberguy.com/freescan
6. Keep your software and browsers up -To -date
Attackers often exploit outdated software with well -known vulnerabilities. Make sure that your operating system, browsers, plug -ins and apps always have the latest version. Use Auto -updates where possible to prevent them from missing critical patches.
7. Use a password manager with phishing detection
A good password manager not only stores strong, unique passwords; It can also warn you if you are on a suspicious site. If your password manager refuses to automatically make your login, this may mean that the site is fake.
View the best expert-reviewed password managers from 2025 Cyberguy.com/passwords
8. Check your accounts for unusual activity
If you suspect an infringement, pay attention to your accounts for unauthorized registrations, the password reset e -mails or other suspicious behavior. Set warnings where possible. Many online services offer login reports or dashboards that show recent access history.
9. Report phishing attempts
If you receive an attempt or phishing attempt, report this to the IT/security team of your organization or the correct government agency (such as report fraud.ftc.gov in the US). Reporting helps to close this scams faster and can protect others.
Click here to get the Fox News app
Kurt’s most important collection meal
Although the data exposed in the Google case may be limited, the infringement emphasizes persistent vulnerability in business systems: people. Shinyhunters seems to become more effective in operating that weakness. What is even more careful is the rise of Vishing, also known as Voice Phishing. Vishing is not new, but the growing success shows how fragile even well -defended systems can be when the human mistakes are involved.
How self -confident is you in the training of your company CyberSecurity awareness? Let us know by writing us Cyberguy.com/contact
Register for my free Cyberguy report
Receive my best technical tips, urgent security warnings and exclusive deals that are delivered directly in your inbox. Moreover, you get direct access to my ultimate Survival guide for scam – free if you become a member of my Cyberguy.com/newsletter
Copyright 2025 cyberguy.com. All rights reserved.
