
Google Ads Customers’ Data Breach

August 11, 2025

In a recent data breach, Google has officially confirmed that a limited set of data from one of its corporate Salesforce instances was compromised. The breach affects potential Google Ads customers, and the exposed information includes basic business contact information such as business names, phone numbers, and related notes used by sales agents. Google has reassured customers that no payment information was exposed, and there is no impact on data within Google Ads accounts, Merchant Center, Google Analytics, or other Ads products. This event highlights the persistent threat posed by sophisticated cybercriminal groups targeting corporate infrastructure.

The breach was executed by a notorious threat group known as ShinyHunters, which has been involved in a series of data theft attacks against Salesforce customers. According to ShinyHunters, the stolen data contains approximately 2.55 million records. While it is unclear whether this number includes duplicates, the scale of the theft is significant. The group also revealed that it is working with another threat actor group, Scattered Spider, which is responsible for gaining initial access to the targeted systems. The groups now refer to themselves as “Sp1d3rHunters,” signifying their collaborative efforts and overlapping members in these attacks.

The modus operandi of the threat actors involves sophisticated social engineering tactics. They target employees to gain access to their credentials or trick them into linking a malicious version of Salesforce’s Data Loader OAuth app to the company’s Salesforce environment. Once they gain access, they download the entire Salesforce database. Following the data theft, the attackers typically extort the targeted companies via email, demanding a ransom to prevent the public release of the stolen data. This method of operation was previously highlighted by Google Threat Intelligence Group (GTIG) in June, and Google itself fell victim to this very same attack a month later.

In the case of Google, the threat actors reportedly sent an extortion demand, asking for 20 Bitcoins, which is approximately $2.3 million.

However, the motives behind the ransom demand appear to be somewhat complex. One of the threat actors told BleepingComputer that the ransom email was sent “for the lulz of it,” suggesting that the primary motivation might not be financial. This could be a tactic to mislead or simply a display of their capabilities. The ongoing nature of these attacks shows that threat actors like ShinyHunters are constantly evolving their methods and tools to breach corporate systems and steal sensitive data.

In a recent development, the threat actors have upgraded their tools to make their data theft operations more efficient. ShinyHunters stated they have switched to a new, custom tool that simplifies and accelerates the process of stealing data from compromised Salesforce instances. Google has also acknowledged this new tooling, observing that the attackers are now using Python scripts instead of the previously utilized Salesforce Data Loader. This shift indicates a continuous arms race between threat actors and cybersecurity professionals, where attackers are constantly developing new ways to bypass security measures and exploit vulnerabilities in corporate systems.
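For defenders, the pattern described above (an unapproved Data Loader look-alike app being authorized, followed by bulk extraction through a script) can be hunted for in audit data. The following is an added example, not code from the original article, Google, or Salesforce; the event schema, client IDs, row threshold, and user-agent strings are constructed assumptions and do not reproduce Salesforce's actual log format.

```python
from collections import defaultdict

# Assumptions for illustration: an allowlist of approved connected-app client IDs
# and a per-(user, app) row budget. Tune both to your own environment.
APPROVED_CLIENT_IDS = {"APPROVED-DATALOADER-ID"}   # placeholder value
BULK_ROW_THRESHOLD = 100_000                       # assumed threshold
LOOKALIKE_TERMS = ("data loader", "dataloader")

# Constructed sample events in a hypothetical normalized schema.
EVENTS = [
    {"type": "oauth_authorize", "user": "alice", "app_name": "Data Loader",
     "client_id": "APPROVED-DATALOADER-ID"},
    {"type": "oauth_authorize", "user": "bob", "app_name": "My Data Loader",
     "client_id": "UNKNOWN-ID-1"},
    {"type": "api_query", "user": "bob", "client_id": "UNKNOWN-ID-1",
     "user_agent": "python-requests/2.32", "rows": 400_000},
    {"type": "api_query", "user": "bob", "client_id": "UNKNOWN-ID-1",
     "user_agent": "python-requests/2.32", "rows": 900_000},
    {"type": "api_query", "user": "alice", "client_id": "APPROVED-DATALOADER-ID",
     "user_agent": "DataLoader", "rows": 1_200},
]

def unapproved_authorizations(events):
    """Flag OAuth grants to apps outside the allowlist; mark name look-alikes."""
    findings = []
    for e in events:
        if e["type"] != "oauth_authorize" or e["client_id"] in APPROVED_CLIENT_IDS:
            continue
        name = e["app_name"].lower()
        lookalike = any(term in name for term in LOOKALIKE_TERMS)
        findings.append((e["user"], e["client_id"], lookalike))
    return findings

def bulk_exports(events):
    """Sum rows returned per (user, client) and flag totals over the threshold."""
    totals, scripted = defaultdict(int), defaultdict(bool)
    for e in events:
        if e["type"] != "api_query":
            continue
        key = (e["user"], e["client_id"])
        totals[key] += e["rows"]
        # A Python user agent is only a supporting signal; it is trivially changed.
        scripted[key] |= e["user_agent"].lower().startswith("python")
    return [{"user": u, "client_id": c, "rows": n, "scripted_client": scripted[(u, c)],
             "approved_app": c in APPROVED_CLIENT_IDS}
            for (u, c), n in totals.items() if n > BULK_ROW_THRESHOLD]

if __name__ == "__main__":
    for finding in unapproved_authorizations(EVENTS):
        print("unapproved grant:", finding)
    for finding in bulk_exports(EVENTS):
        print("bulk export:", finding)
```

The allowlist check is the stronger control of the two: an app whose name resembles Data Loader but whose client ID is not approved should be blocked or reviewed before any query volume is ever observed.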

Reference:

  • Google Confirms Breach Exposed Potential Google Ads Customers’ Information