Latest news with #ShinyHunters


Forbes
a day ago
Air France and KLM Make 5 Airlines Hacked In 2 Months
Air France and KLM Royal Dutch Airlines—the flagship carriers of France and the Netherlands—were the latest in a string of global carriers to be hacked since mid-June.

Five global airlines—WestJet in Canada, Hawaiian Airlines in the US, Qantas in Australia, Air France in France and KLM in the Netherlands—have been hacked in the past two months.

On Thursday, Air France alerted customers via email of 'a recent data breach involving your personal data' whereby 'a fraudster gained limited access to a third-party system that is used by Air France.' KLM, which sent a similar breach notification to its customers, confirmed to Forbes in an email that the incident 'occurred last week and it was quickly analyzed and contained.'

Some customers' first names, frequent flyer numbers and tier levels were exposed, but credit card details, passport numbers, frequent flyer miles balances and booking information were not, according to the email to Air France customers.

A hacker group called ShinyHunters claims to be behind the attacks, and cyber experts believe this group overlaps with Scattered Spider, which was behind the WestJet, Hawaiian and Qantas breaches.

KLM sent a similar breach notification to its customers and said in a press release that it had 'detected unusual activity on an external platform we use for customer service.'

Neither Air France nor KLM has disclosed which customer service platform was breached, but multiple cybersecurity authorities, including the cybersecurity software company Malwarebytes and Infosecurity magazine, have chronicled how ShinyHunters have had success targeting high-profile Salesforce customers, including Google, Cisco, Adidas and Allianz.

Airlines make good targets because they are so complex, William Wright, a Scotland-based cybersecurity expert for Closed Door Security, told Forbes. 'They are massive, with loads and loads of supply chain,' he said. 'It's very obvious where the weak links are. Unfortunately for the airlines, there's very little they can do directly, because usually it's a third party that owns the system.'

Named after a popular practice among Pokémon players to actively seek out and try to capture 'shiny Pokémon,' ShinyHunters is a well-established black-hat hacking collective responsible for several high-profile data breaches and leaks in recent years. Recent victims include Ticketmaster and the Spanish online bank Santander.

ShinyHunters are thought to be affiliated with Scattered Spider, a loose community of hackers that has been credited with many high-profile cyberattacks in recent years, including the 2023 ransomware attacks on MGM Resorts and Caesars Entertainment, the British retailer Marks & Spencer and the insurance company Aflac.

But it can often be difficult to attribute a cyberhack to a specific group, Wright told Forbes. 'You quite often see people with specific skill sets being called into different groups. If we use Spider as an example, it's possible one of their team has a specific set of skills with Salesforce, and therefore ShinyHunters has hired them. They will recruit from other groups when they have skill set requirements.'

Why Are Frequent Flyer Miles So Valuable To Hackers?

Loyalty programs are often poorly protected, Wright told Forbes. A second built-in vulnerability is the flexibility they offer customers in how they can spend miles or points. Air France's Flying Blue program is typical in allowing customers to spend miles on items other than flights—including hotels, duty-free shopping and online shopping.

'The main thing that any attacker wants to do is get the asset out of whatever system it's in,' Wright said. 'If they can spend the reward points on other things, then that's the way they'll do it. And once those points leave the airline, they are essentially untraceable.'

If the airline hacks are part of what Infosecurity calls 'an ongoing data theft campaign targeting Salesforce instances.'

Many of ShinyHunters' attacks employ voice phishing, as Google Threat Intelligence Group explained in a recent blog post: 'This approach has proven particularly effective in tricking employees, often within English-speaking branches of multinational corporations, into actions that grant the attackers access or lead to the sharing of sensitive credentials, ultimately facilitating the theft of organization's Salesforce data. In all observed cases, attackers relied on manipulating end users, not exploiting any vulnerability inherent to Salesforce.'

All of this has led cybersecurity experts to believe the hacks were the work of Salesforce experts. 'Typically, what you get is a collection of people who have a specific set of skills. And it may very well be the reason they're targeting Salesforce is because the people who are behind it actually know Salesforce,' Wright speculated. 'Most likely if these attackers are ever caught, we'll probably find they used to be Salesforce developers or Salesforce administrators, or there will be some connection there.'

Salesforce denied that its software is the weak link. 'The Salesforce platform has not been compromised, and this issue is not due to any known vulnerability in our technology,' a company spokesperson told Forbes in an email.

'It's true that the Salesforce platform itself hasn't had a vulnerability, but it's being used maliciously. It's that fine line between a very customizable piece of software and opening the door to misuse,' Wright said.

Surprising Fact

The hackers pulling off these huge breaches are often in their early 20s or even teens. 'A lot of these groups who are not state aligned tend to be a group of younger people who are bored, have a skill set but just don't have that moral boundary to go off and do these things,' Wright said. 'They definitely have much less experience in life with consequences.'

Further Reading

These 3 Airlines Were Cyberattacked In The Last 3 Weeks—Here's What We Know (Forbes)


Phone Arena
a day ago
Google suffers a serious data breach at the hands of a ransomware group
There has been a data breach involving one of Google's corporate databases, and data was obtained by the hackers. This was confirmed on August 5th by the Google Threat Intelligence Group (GTIG), which posted that the group responsible for the data breach had a connection to the ShinyHunters ransomware group. Google noted that the data stolen was "basic and largely publicly available business information, such as business names and contact details."

The MO of the ShinyHunters group makes the breach concerning. The ransomware group typically uses emails and phone calls to extort its victims, no later than three days after the targeted files have been compromised.

Back in June, Google said that it "observed" the ShinyHunters group attacking multi-national companies to steal data from these firms' Salesforce platforms. Salesforce offers cloud-based services to help companies manage their relationships with customers, also known as Customer Relationship Management (CRM).

[Image: The bogus Data Loader requested an eight-digit code that connected the victim to the attacker. Image credit: Google]

GTIG said that the attacks targeted English-speaking employees working for Salesforce clients and used voice phishing to trick the employee into connecting a modified version of Salesforce's Data Loader application.

The aforementioned English-speaking employees received phone calls from someone claiming to be IT support personnel, telling the targeted employee to accept a connection to the client application known as Salesforce Data Loader. As its name suggests, this is a key tool used by administrators and developers at Salesforce looking to import, export, update, or delete a large amount of data.

Because the organizations being targeted by the attackers are Salesforce clients and use its CRM platform, the request from the bad actors to install the Data Loader doesn't appear to be unusual. To connect the victim with the attackers, the latter persuades the victim on the phone to open the Salesforce Connect setup page and enter an 8-digit connection code. This connects the victim to the attacker.

Google itself became a victim of this attack in June when one of its Salesforce CRM installations was breached and customer data stolen.

Bleeping Computer spoke with ShinyHunters this past Wednesday and was told that it breached several Salesforce instances, including one related to a trillion-dollar company. The threat actor said that it might decide to just leak the data from that company instead of using it to extort the firm. It is not known for sure whether that company is Google, even though the description fits. Other companies being attacked are extorted through email, with the threat actor demanding that they pay a ransom in order to keep the data from getting publicly leaked.

The CEO of Closed Door Security, William Wright, said, "The news that Google has suffered a data breach in the recent wave of attacks executed by ShinyHunters highlights that no organization is immune to cybercrime. It doesn't matter if you are a small business or one of the world's leading technology firms, all organizations are vulnerable."

For Google, having to deal with a data breach that seeks to extort money from the search giant is just another hassle that the company has had to deal with lately. At the end of last month, the Ninth Circuit Court of Appeals ruled against Google's appeal, thus upholding a jury verdict that called Google's Play Store app storefront an illegal monopoly.

Additionally, the company is faced with the possibility of losing its search monopoly through the U.S. courts and also through the progression of technology. With AI becoming more accessible through free apps and websites, many are turning to ChatGPT, Gemini, and other AI apps to get more detailed responses than those available from Google Search, which is the leading search engine in the world with a market share approaching 90%.


Forbes
2 days ago
Confirmed: Google Has Been Hacked — User Data Compromised
Update, August 8, 2025: This story, originally published on August 7, has been updated with additional information from cybersecurity experts regarding the confirmed hacking of Google that has exposed user data.

The Google Threat Intelligence Group has officially confirmed that user data has been stolen following a successful hack attack impacting one of its databases. Here's what we know so far.

Google Has Been Hacked — Data Has Been Compromised

This is not a warning that the Google Chrome web browser is in need of an urgent security update, or a story about switching from passwords to passkeys to protect your Google account. No, this is exactly what the headline says: Google has been hacked. Source? That would be Google itself.

An August 5 posting by the Google Threat Intelligence Group has confirmed that one of the corporate databases was impacted by hackers thought to be associated with the ShinyHunters ransomware group, more formally known as UNC6040.

'Google responded to the activity, performed an impact analysis and began mitigations,' the GTIG posting stated, adding the database in question was a Salesforce instance 'used to store contact information and related notes for small and medium businesses.'

'The speed at which organisations are falling victim to cyber attacks targeting Salesforce instances is nothing short of alarming,' Robin Brattel, CEO at Lab 1, said. 'We need to be honest: malicious campaigns are being scaled quicker than ever as hackers are using information that's already been made public, often from past data breaches, to target organisations.'

Customer data was, Google said, 'retrieved by the threat actor,' in the short period of time that the attack window remained open.

Although Google has not gone into great detail regarding the attack as of yet, it did confirm that the stolen data consisted of 'basic and largely publicly available business information, such as business names and contact details.'

I reached out to Google for a statement and a spokesperson told me that the 'details that we're able to share at this time can all be found in our blog update,' adding that this includes additional information regarding the ShinyHunters-associated UNC6040 threat group, which 'provides the security community with actionable intelligence on this actor.'

Google also stated that ShinyHunters commonly uses an attack tactic of extorting victims using emails or telephone calls demanding bitcoin ransom payments within 72 hours of compromise. It has not, however, confirmed or denied that this was the case here. Google did confirm that the attack itself occurred in June.

What Cybersecurity Experts Have To Say About The Hacking of Google

'The news that Google has suffered a data breach in the recent wave of attacks executed by ShinyHunters highlights that no organisation is immune to cybercrime,' William Wright, CEO of Closed Door Security, said, adding: 'It doesn't matter if you are a small business or one of the world's leading technology firms, all organizations are vulnerable.'

While Google's update provides an overview of how these attacks unfolded, Wright continued, 'it does not state whether the impacted organisations have been informed, or, if they have been informed, when they were informed.' Which means that the cybercriminals involved, ShinyHunters or not, could have had this information for two months to do with what they saw fit.

'Google has long been one of the leading companies in the world when it comes to cybersecurity,' Jamie Akhtar, CEO of CyberSmart, said, concluding that 'if it can happen to one of the wealthiest and best-defended companies in the world, it can happen to anyone.'


Forbes
3 days ago
Google Confirms It Has Been Hacked — User Data Stolen
The Google Threat Intelligence Group has officially confirmed that user data has been stolen following a successful hack attack impacting one of its databases. Here's what we know so far.

Google Has Been Hacked — Data Has Been Compromised

This is not a warning that the Google Chrome web browser is in need of an urgent security update, or a story about switching from passwords to passkeys to protect your Google account. No, this is exactly what the headline says: Google has been hacked. Source? That would be Google itself.

An August 5 posting by the Google Threat Intelligence Group has confirmed that one of the corporate databases was impacted by hackers thought to be associated with the ShinyHunters ransomware group, more formally known as UNC6040.

'Google responded to the activity, performed an impact analysis and began mitigations,' the GTIG posting stated, adding the database in question was a Salesforce instance 'used to store contact information and related notes for small and medium businesses.'

Customer data was, Google said, 'retrieved by the threat actor,' in the short period of time that the attack window remained open.

Although Google has not gone into great detail regarding the attack as of yet, it did confirm that the stolen data consisted of 'basic and largely publicly available business information, such as business names and contact details.'

I have reached out to Google for a statement.

Google has stated that ShinyHunters commonly uses an attack tactic of extorting victims using emails or telephone calls demanding bitcoin ransom payments within 72 hours of compromise. It has not, however, confirmed or denied that this was the case here. Google did confirm that the attack itself occurred in June.

This is a developing story, and I will update it if more information from Google is forthcoming.


Business Insider
3 days ago
Google (GOOGL) Becomes Latest Victim of ShinyHunters Salesforce Hack
U.S. tech giant Alphabet (GOOGL) has revealed that it has become the latest victim of a data breach using Salesforce (CRM) databases.

Google revealed in a blog post that some customers' information has been stolen via one of its Salesforce database systems.

Google Hunt

Google's Threat Intelligence Group said the database is used for storing contact information and related notes for small and medium businesses. It has been breached by a hacking group known as ShinyHunters.

'The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details,' the company said.

Google did not reveal how many customers are affected or whether it has received a ransom demand. Google did say, however, that the ShinyHunters group is likely preparing a data leak site, which some ransomware gangs use to publish stolen data to extort victims into paying a ransom.

Long Line of Hits

A number of companies using Salesforce have also witnessed data breaches in recent weeks. This includes French luxury brand Chanel, fellow premium group Louis Vuitton (LVMUY), Dior, Tiffany & Co, Adidas (ADDYY), Qantas (QUBSF) and Allianz Life.

Hackers from the ShinyHunters group have been stealing data from Salesforce customers since early 2025. They use a trick called 'social engineering,' in which they call employees pretending to be IT support and convince them to install a fake app. This allows hackers to bypass normal security and access sensitive customer data.

Salesforce confirmed that its platform has not been compromised. Instead, the breaches stem from credential theft and poor access controls on the customer side. The company is urging users to adopt best practices, including multi-factor authentication (MFA), limited access, and tighter oversight of connected applications.

However, the incidents are still likely to have caused a dent in Salesforce's reputation with clients and the wider public. As one can see below, tech risks are key for both the business and investors.

Is CRM a Good Stock to Buy Now?

On TipRanks, CRM has a Moderate Buy consensus based on 33 Buy, 9 Hold and 2 Sell ratings. Its highest price target is $440. CRM stock's consensus price target is $351.59, implying a 41.88% upside.