Google’s Salesforce CRM Breach (June–August 2025)

September 2, 2025

In June 2025, a hacking group known as ShinyHunters (tracked as UNC6040) successfully compromised one of Google’s corporate Salesforce instances. They executed a voice-phishing attack (vishing), tricking a Google employee into installing a malicious version of the Salesforce Data Loader app, granting the attacker unauthorized access. 

What was exposed

The breach exposed basic business contact information—company names, phone numbers, notes—for small and medium-sized businesses (SMBs). Importantly, this did not include Gmail account passwords, billing details, or other highly sensitive personal data.


Timing and impact

Google completed notifying affected users by August 8, 2025, and publicly confirmed the incident in early August.


Risk factor

The main concern isn’t stolen passwords, it’s the risk of phishing and social engineering attacks using the leaked contact info.


Affected organizations

Notably, Zscaler disclosed that its Salesforce instance was breached in this campaign, resulting in disclosure of customer support case details, business emails, job titles, phone numbers, product data, and regional info. They’ve since revoked integrations and rotated keys.


Response

Salesloft and Salesforce revoked all Drift-related tokens and removed the app from their marketplace. Companies were instructed to revoke credentials, rotate API keys, review logs, and monitor for further unauthorized access.


What You Must Do Now

If your organization uses Salesforce or any third-party integrations like Salesloft Drift:

  1. Audit all connected apps. Deny unnecessary access, apply least privilege.
  2. Revoke and rotate OAuth tokens, API keys, and credentials linked to Salesforce.
  3. Monitor logs for unusual access or SOQL queries, especially deletions or exports.
  4. Train your team. Social engineering remains the biggest risk.
  5. Review support case security. Ensure no sensitive customer info is stored insecurely.

Why So Many People Are Getting Hacked Right Now (And How to Protect Yourself)

February 3, 2026
We've seen it tones of it in just the last few weeks. Different customers. Different emails. Same result: hacked computers, stolen passwords, and hackers controlling their machines remotely. Here's what's happening—and what you need to know to avoid becoming the next victim.

How to Recognize Phishing Scams (Before You Get Hacked)

January 20, 2026
You get an email from your bank. It says there's a problem with your account. Click this link immediately to fix it. You click. You enter your password. Congratulations—you just gave a hacker everything they need to steal your money. That's phishing. And it's the number one way people get hacked. Here's how to spot it before it's too late.

Stop Fake "Microsoft Support" Pop-Ups: Why You Need to Upgrade Your Ad Blocker

December 27, 2025
If you've ever had your screen hijacked by a scary pop-up claiming your computer is infected and demanding you call "Microsoft Support" immediately - you're not alone. These scareware attacks are one of the most common issues we see at Top City Tech, and they're getting more sophisticated every day.  The good news? There's a simple fix that takes just a few minutes.