In June 2025, Google was the victim of a remarkably sophisticated cyberattack orchestrated by the dangerous ShinyHunters gang in collaboration with the Scattered Spider group. This incident not only rocked the tech giant, but also revealed a worrying vulnerability in the security of companies in the sector. Nearly 2.55 million records related to Google Ads leads were stolen, exposing the vulnerability of even the largest companies to new hacking tactics. This stolen data, which primarily contained publicly available business information, was exfiltrated using skillful manipulation based on sophisticated voice phishing techniques, exploiting employee trust.
This situation is not isolated. Cybercrime is evolving at a breakneck speed, forcing players such as Microsoft, Apple, and Facebook to strengthen their defenses in the face of an increasingly unpredictable threat. The coalescence of criminal groups around brutally human methods, via social engineering, reflects a new phase in organized cybercrime. The massive leak of this data highlights the crucial importance for all companies to strengthen their security strategies and raise awareness among their teams in the face of these growing threats. In this dynamic, the question is no longer whether an attack can affect us, but when it will occur.

How the cyberattack was carried out against Google: details and techniques
The attackers, belonging to the ShinyHunters gang associated with Scattered Spider, implemented a meticulous voice phishing strategy. Rather than exploiting a technical flaw in Google’s systems, they chose to play on human trust, often the weak point of any security. To do this, they used phone calls where they pretended to be from the IT department of Salesforce, a platform widely used by Google for its lead management.
This type of approach, known as voice spear-phishing, is becoming increasingly widespread because it relies on social engineering to dupe employees without requiring complex technological means. The hackers broke through the distrust barrier by posing as colleagues or managers, persuading their victims to install a fake version of Salesforce Data Loader. Once the tool was installed, they were able to access a database containing essential information on millions of leads, including names, phone numbers, and various notes.

The specific techniques used
- 📞 Targeted phishing calls: impersonating colleagues or IT managers to gain trust
- 🔐 Installing rogue malware: perfectly imitating legitimate tools like Salesforce Data Loader
- 💼 Accessing sensitive databases: exploiting a Salesforce server dedicated to lead management
- 🕵️♂️ Stealthy data exfiltration: massive and stealthy theft, followed by a ransom demand

This modus operandi demonstrates that hackers are not only looking for technological vulnerabilities, but also exploiting users’ psychology and naivety to thwart security. The simplicity of this method contradicts the image of a technologically advanced cyberattack, but above all demonstrates an evolution in the criminals’ strategy, who now have a complete arsenal combining technology and human manipulation.
The groups ShinyHunters, Scattered Spider, and Lapsus$ made headlines with their collaboration on this operation. ShinyHunters, known for its targeted attacks against digital giants, subsequently announced that it had mobilized its partners to exfiltrate this data. The collaboration enabled two key stages to be completed: the initial intrusion and exfiltration. Scattered Spider carried out the technological attack, using sophisticated techniques to penetrate Google’s network. ShinyHunters then orchestrated the data extraction, demanding a ransom of over $2.3 million in bitcoins.
In practice, this alliance reflects a new form of cybercrime where coordination between groups maximizes the impact of an attack. The motive behind this operation is clear: financial, but also strategic. By targeting Google, a leading company in the sector, these hackers seek to demonstrate their ability to disrupt the global digital ecosystem, while profiting from the sale of data to malicious actors or foreign states.
| Key Players | Role in the Attack | Motivations |
|---|---|---|
| ShinyHunters | Organization of data exfiltration, ransom demand | Profit, power, reputation |
| Scattered Spider | Initial intrusion, network penetration | Profit, influence |
| Lapsus$ | Logistical and technical support | Profit, reputation |

The concrete consequences for Google and its users
This massive theft of 2.55 million prospect records highlights the vulnerability of digital giants in the face of a constantly evolving threat. Although Google minimized the impact by specifying that the data affected was primarily public and non-sensitive, the reality remains worrying. The leak primarily exposes the weakness of access management and the need for increased staff education.
Companies, notably Apple, Microsoft, and Facebook, must now face this new situation, where hackers are adapting by deploying more subtle manipulation strategies. The fear is that this data, for sale on the dark web or used for targeted phishing, could fuel large-scale identity theft or fraud campaigns.

Potential Impacts
- 🛡️ Risk of Identity Theft: Theft of Personal Information for Scams
- 💣 Massive Phishing Ahead: New Targeted Fraud Campaigns
- 🔓 Commercial Exploitation: Illegal Resale on the Dark Web

In this context, vigilance and regular updates to security protocols are becoming essential. Statistically, the number of phishing attempts is increasing alarmingly, and all large companies must continue to invest in cybersecurity solutions that integrate artificial intelligence and proactive detection, particularly with tools offered by Cisco and Palo Alto Networks.

Measures taken by Google and its partners to limit the damage

- ⚙️ Strengthened its two-factor authentication systems
- 🔒 Increased real-time monitoring of suspicious activity
- 🛡️ Collaborated with security experts such as Kaspersky, Symantec, and Cisco to analyze the breach
- 📝 Notified affected users so they could take precautionary measures
- 📚 Increased employee awareness of social engineering

In an increasingly contested sector, data protection is becoming a top priority. Competition between giants such as Microsoft, Google, Apple, and Amazon continues to intensify their investments in cybersecurity to prevent future attacks. This is evidenced by the integration of innovative tools derived from artificial intelligence, aimed at detecting and blocking any malicious attempts in advance.

| Google’s Key Actions | Objectives |
|---|---|
| 🔐 Strengthen authentication | Secure user access |
| 🛡️ Proactive monitoring | Rapid anomaly detection |
| 🤝 Collaborate with experts | Continuously improve defenses |
| 🧑💻 Raise team awareness | Reduce human error |

This level of detail in incident response is essential for building lasting trust with users and partners. As the threat landscape is constantly evolving, increased monitoring combined with regular employee training remain the best strategies for limiting the scope of future attacks.

Frequently asked questions about the cyberattack against Google in 2025
How did hackers gain access to Google’s data?

What are the risks for users following this leak?
The main risks concern identity theft, targeted phishing, and the illicit sale of data on the dark web. Vigilance must be increased, and it is recommended to change passwords and enable two-factor authentication.
What measures has Google adopted to protect itself in the future?
Google has strengthened its security measures by integrating artificial intelligence tools, collaborating with companies like Kaspersky and Cisco, and raising employee awareness of the risks associated with social engineering. Security is no longer an option, but a vital necessity in this hostile digital environment.
Source: kulturegeek.fr