Google’s Salesforce CRM Breach (June–August 2025)

September 2, 2025

In June 2025, a hacking group known as ShinyHunters (tracked as UNC6040) successfully compromised one of Google’s corporate Salesforce instances. They executed a voice-phishing attack (vishing), tricking a Google employee into installing a malicious version of the Salesforce Data Loader app, granting the attacker unauthorized access. 

What was exposed

The breach exposed basic business contact information—company names, phone numbers, notes—for small and medium-sized businesses (SMBs). Importantly, this did not include Gmail account passwords, billing details, or other highly sensitive personal data.


Timing and impact

Google completed notifying affected users by August 8, 2025, and publicly confirmed the incident in early August.


Risk factor

The main concern isn’t stolen passwords, it’s the risk of phishing and social engineering attacks using the leaked contact info.


Affected organizations

Notably, Zscaler disclosed that its Salesforce instance was breached in this campaign, resulting in disclosure of customer support case details, business emails, job titles, phone numbers, product data, and regional info. They’ve since revoked integrations and rotated keys.


Response

Salesloft and Salesforce revoked all Drift-related tokens and removed the app from their marketplace. Companies were instructed to revoke credentials, rotate API keys, review logs, and monitor for further unauthorized access.


What You Must Do Now

If your organization uses Salesforce or any third-party integrations like Salesloft Drift:

  1. Audit all connected apps. Deny unnecessary access, apply least privilege.
  2. Revoke and rotate OAuth tokens, API keys, and credentials linked to Salesforce.
  3. Monitor logs for unusual access or SOQL queries, especially deletions or exports.
  4. Train your team. Social engineering remains the biggest risk.
  5. Review support case security. Ensure no sensitive customer info is stored insecurely.

Why Antivirus Software Isn’t Enough Anymore

October 30, 2025
If you’re still relying on traditional antivirus software to protect your business, you’re fighting 2025 threats with 2010 tools. Antivirus used to be the gold standard for computer protection. You installed it, it caught “viruses,” and you went about your day. But today’s cyber threats have evolved—and most small businesses don’t realize their old antivirus is leaving big holes open. Let’s break it down.

Is Public Wi-Fi Killing Your Business Security?

October 20, 2025
That free coffee shop Wi-Fi might be costing your business more than your latte. Public Wi-Fi is convenient—but it’s also one of the easiest ways for hackers to steal logins, emails, and customer data. Many business owners and employees use it daily without realizing just how risky it can be. Let’s break it down.

Cloud vs Local: Where Should You Be Saving Your Files?

October 16, 2025
If you run a small business, you’ve probably wondered: Should we store our files in the cloud or keep them on our computers and servers? Both options have pros and cons, and the right answer depends on how your team works, your budget, and how much downtime you can afford. Let’s break it down—without the tech jargon.