An extortion group called ShinyHunters, along with associated groups, has launched a website leaking data from 39 companies affected by Salesforce breaches, threatening to release personal data unless ransom demands are met. The attacks involved voice phishing and OAuth token theft, impacting major corporations like Google, Disney, and IKEA, with the group warning of further extortion campaigns.
ShinyHunters, a cybercrime group known for data breaches and now employing voice-based social engineering tactics like vishing, has targeted major companies including Salesforce, affecting millions of users. The group has links with other hacking groups and is involved in selling stolen data and offering ransomware services. Protecting against such attacks involves vigilance, employee training, and enhanced security measures like multi-factor authentication. The rise of AI-generated deepfakes makes these scams more sophisticated and harder to detect.
Google has warned 2.5 billion Gmail users about an increase in phishing scams linked to the ShinyHunters hacking group, which has previously targeted companies like Microsoft and Ticketmaster. Although no passwords were compromised, users are advised to update their passwords and enhance account protections to guard against potential extortion and scams.
Google has issued an emergency warning to Gmail users following a cyber threat linked to a Salesforce data breach, with hackers exploiting stolen data through social engineering and impersonation tactics. The threat is associated with the notorious cybercriminal group ShinyHunters, which has targeted major organizations and stolen vast amounts of data. Users are advised to enhance their security by updating passwords and enabling two-factor authentication to mitigate risks.
Google has warned Gmail users about targeted attacks by hackers exploiting a Salesforce data breach, urging users to change passwords and enable two-factor authentication to protect their accounts from further intrusions and extortion tactics.
Google confirmed a data breach affecting up to 2.5 billion users, linked to the ShinyHunters ransomware group, which compromised a Salesforce database containing mostly public business information. The breach occurred in June but was only disclosed after security experts identified the data loss. Google responded quickly, but the incident highlights ongoing cybersecurity risks, including social engineering scams targeting users.
Allianz Life experienced a data breach in July, affecting approximately 1.1 million customers and employees, with hackers stealing personal information including names, addresses, and Social Security numbers, in a cyberattack linked to the hacking group ShinyHunters.
Workday, a provider of HR technology, experienced a data breach affecting some user contact information, likely linked to a larger attack on Salesforce databases by the hacking group ShinyHunters, raising concerns about social engineering scams and limited disclosure practices.
Workday disclosed a data breach resulting from a social engineering attack on a third-party CRM platform, likely linked to the ShinyHunters group targeting Salesforce instances, exposing business contact information of over 11,000 organizations, including some of the Fortune 500, while denying customer tenant impact.
Google announced that the hacking group ShinyHunters breached one of its Salesforce databases containing contact information for small and medium-sized businesses, but the hackers only accessed publicly available data for a brief period. The group is known for social engineering attacks and has targeted other major companies this year, often demanding ransom after data exfiltration.
Google has confirmed a security breach affecting one of its databases, with user contact information stolen by hackers associated with the ShinyHunters group, highlighting that no organization is immune to cyberattacks.
AT&T paid a hacker $370,000 in bitcoin to delete stolen customer data, negotiating through an intermediary after the hacker initially demanded $1 million. The hacker provided a video as proof of deletion, but there are concerns that some data excerpts may still exist. The breach is linked to the ShinyHunters group, which also compromised Ticketmaster and Santander Bank using stolen credentials from a third-party cloud storage company.
AT&T paid a hacker $370,000 to delete stolen call records of tens of millions of customers. The hacker, part of the ShinyHunters group, provided proof of deletion. The breach, involving unsecured Snowflake cloud storage, affected over 150 companies. The hacker responsible for the breach, John Erin Binns, was arrested in Turkey for an unrelated 2021 T-Mobile hack. Despite the payment, some data may still be at risk.
Ticketmaster and several other Snowflake customers have been hacked, with threat actors obtaining credentials through info-stealing malware or purchasing them online. The hacking group ShinyHunters has claimed responsibility, seeking large sums for the stolen data. The breaches highlight the importance of multifactor authentication (MFA), which was not in place for the compromised accounts. Snowflake and security firms Mandiant and CrowdStrike are investigating, with no evidence yet of a vulnerability in Snowflake's platform.
Ticketmaster has been hacked, compromising personal information of 560 million users. The hacking group ShinyHunters is demanding $500,000 in ransom to prevent the sale of the stolen data. Live Nation, Ticketmaster's parent company, is investigating the breach and working to mitigate risks. Despite the severity, Live Nation does not expect a significant impact on its business operations. Ticketmaster has a history of both being hacked and engaging in illegal hacking activities.