Update, August 8, 2025: This story, originally published on August 7, has been updated with additional information from cybersecurity experts regarding the confirmed hacking of Google that has exposed user data.
The Google Threat Intelligence Group has officially confirmed that user data has been stolen following a successful hack attack impacting one of its databases. Here’s what we know so far.
Google Has Been Hacked — Data Has Been Compromised
This is not a warning that the Google Chrome web browser is in need of an urgent security update, or a story about switching from passwords to passkeys to protect your Google account. No, this is exactly what the headline says: Google has been hacked.
Source? That would be Google itself.
An August 5 posting by the Google Threat Intelligence Group has confirmed that one of the corporate databases was impacted by hackers thought to be associated with the ShinyHunters ransomware group, more formally known as UNC6040.
“Google responded to the activity, performed an impact analysis and began mitigations,” the GTIG posting stated, adding the database in question was a Salesforce instance “used to store contact information and related notes for small and medium businesses.”
“The speed at which organisations are falling victim to cyber attacks targeting Salesforce instances is nothing short of alarming,” Robin Brattel, CEO at Lab 1, said. “We need to be honest: malicious campaigns are being scaled quicker than ever as hackers are using information that’s already been made public, often from past data breaches, to target organisations.”
Customer data was, Google said, “retrieved by the threat actor,” in the short period of time that the attack window remained open. Although Google has not gone into great detail regarding the attack as of yet, it did confirm that the stolen data consisted of “basic and largely publicly available business information, such as business names and contact details.”
I reached out to Google for a statement and a spokesperson told me that the “details that we’re able to share at this time can all be found in our blog update,” adding that this includes additional information regarding the ShinyHunters associated UNC6040 threat group, which “provides the security community with actionable intelligence on this actor.”
Google also stated that ShinyHunters commonly uses an attack tactic of extorting victims using emails or telephone calls demanding bitcoin ransom payments within 72 hours of compromise. It has not, however, confirmed or denied that this was the case here. Google did confirm that the attack itself occurred in June.
What Cybersecurity Experts Have To Say About The Hacking of Google
“The news that Google has suffered a data breach in the recent wave of attacks executed by ShinyHunters highlights that no organisation is immune to cybercrime,” William Wright, CEO of Closed Door Security, said, adding: “It doesn’t matter if you are a small business or one of the world’s leading technology firms, all organizations are vulnerable.” While Google’s update provides an overview of how these attacks unfolded, Wright continued, “it does not state whether the impacted organisations have been informed, or, if they have been informed, when they were informed.” Which means that the cybercriminals involved, ShinyHunters or not, could have had this information fro two months to do with what they saw fit.
“Google has long been one of the leading companies in the world when it comes to cybersecurity,” Jamie Akhtar, CEO of CyberSmart, said, concluding that “if it can happen to one of the wealthiest and best-defended companies in the world, it can happen to anyone.”
