Google’s Salesforce CRM Breach (June–August 2025)

September 2, 2025

In June 2025, a hacking group known as ShinyHunters (tracked as UNC6040) successfully compromised one of Google’s corporate Salesforce instances. They executed a voice-phishing attack (vishing), tricking a Google employee into installing a malicious version of the Salesforce Data Loader app, granting the attacker unauthorized access. 

What was exposed

The breach exposed basic business contact information—company names, phone numbers, notes—for small and medium-sized businesses (SMBs). Importantly, this did not include Gmail account passwords, billing details, or other highly sensitive personal data.


Timing and impact

Google completed notifying affected users by August 8, 2025, and publicly confirmed the incident in early August.


Risk factor

The main concern isn’t stolen passwords, it’s the risk of phishing and social engineering attacks using the leaked contact info.


Affected organizations

Notably, Zscaler disclosed that its Salesforce instance was breached in this campaign, resulting in disclosure of customer support case details, business emails, job titles, phone numbers, product data, and regional info. They’ve since revoked integrations and rotated keys.


Response

Salesloft and Salesforce revoked all Drift-related tokens and removed the app from their marketplace. Companies were instructed to revoke credentials, rotate API keys, review logs, and monitor for further unauthorized access.


What You Must Do Now

If your organization uses Salesforce or any third-party integrations like Salesloft Drift:

  1. Audit all connected apps. Deny unnecessary access, apply least privilege.
  2. Revoke and rotate OAuth tokens, API keys, and credentials linked to Salesforce.
  3. Monitor logs for unusual access or SOQL queries, especially deletions or exports.
  4. Train your team. Social engineering remains the biggest risk.
  5. Review support case security. Ensure no sensitive customer info is stored insecurely.

What is a Firewall and Why You Absolutely Need One

September 9, 2025
What is a Firewall and Why You Absolutely Need One Think of your business network like your office building. You lock the doors at night so random people can’t just walk in. A firewall is that lock for your computers and internet connection.

Wi-Fi Woes: How to Bulletproof Your Business Internet

September 1, 2025
For small and midsize businesses, internet downtime isn’t just an inconvenience, it’s lost revenue, frustrated customers, and wasted productivity. Whether your business relies on cloud apps, VoIP calls, or online payments, a shaky Wi-Fi connection can bring your day to a grinding halt. The truth is, most “Wi-Fi problems” aren’t about Wi-Fi at all. They’re about the way your network is designed, managed, and backed up. Here’s how to bulletproof your business internet and keep things running no matter what.

How to Choose the Right Laptop for Your Business Needs

August 26, 2025
How to Choose the Right Laptop for Your Business Needs Buying laptops for your business isn’t as simple as clicking “add to cart” on the cheapest model you find online. For small and mid-sized businesses, the wrong choice can mean slower performance, frustrated employees, more downtime, and costly replacements sooner than expected. The key is to choose laptops based on your team’s actual work needs , not just price tags or flashy features. Here’s a practical guide to help you make the right call.