Google sales data breached in the same scam it discovered

In June, Google uncovered a troubling campaign that was systematically compromising accounts belonging to Salesforce customers. The attackers employed a deceptive tactic, impersonating individuals from the customers' IT departments and claiming that urgent issues necessitated immediate access to the accounts. Two months later, Google has confirmed that it too has suffered from this same series of breaches. These incidents are attributed to financially motivated cybercriminals aiming to pilfer sensitive data, which they hope to sell back to the affected organizations at exorbitant prices. Rather than relying on intricate software exploits, the attackers have adopted a more straightforward approach: they simply contact their targets and request access directly. This method has proven to be alarmingly effective. According to reports from Bleeping Computer, among the companies that have experienced breaches in this campaign are well-known names such as Adidas, Qantas, Allianz Life, Cisco, and luxury brands under the LVMH umbrella, including Louis Vuitton, Dior, and Tiffany & Co. The attackers manipulate a Salesforce feature that allows users to connect their accounts with third-party applications designed to enhance functionality through tools for blogging, mapping, and more. During the operation, the criminals reach out to employees, persuading them to link an external app to their Salesforce accounts. As the employee follows through with this request, they are prompted to provide an eight-digit security code necessary for establishing the connection. Once the attackers receive this code, they gain access to the Salesforce instance and all associated data, effectively compromising the security of the organization.