Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

ShinyHunters uses vishing to breach Salesforce data

AI-powered voice scams fuel ShinyHunters’ global attacks.

byAytun Çelebi
September 3, 2025
in Cybersecurity

The cybercrime group ShinyHunters has garnered international attention after Google advised its 2.5 billion users to enhance their security protocols. This recommendation followed a data breach that exploited vulnerabilities within Salesforce, a widely-used customer management platform.

Unlike conventional data breaches involving direct intrusion into databases, ShinyHunters, alongside other groups, has recently employed voice-based social engineering, known as “vishing,” to target major corporations. Vishing represents a form of social engineering where individuals are manipulated into divulging confidential information or performing actions under false pretenses.

In a vishing attack, a perpetrator impersonates an IT helpdesk employee to deceive an actual employee into revealing passwords or multi-factor authentication codes, thereby gaining unauthorized system access. Though not a novel tactic, the increasing sophistication of deepfakes and AI-driven voice cloning has made vishing more difficult to detect. These technologies enable criminals to convincingly mimic voices and create realistic scenarios, enhancing their deceptive capabilities.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

Throughout the current year, several prominent companies, including Qantas, Pandora, Adidas, Chanel, Tiffany & Co., and Cisco, have reported being targeted through similar vishing methods, impacting millions of users. These incidents highlight the widespread vulnerability to social engineering tactics.

ShinyHunters, a cybercrime group, emerged in 2020, claiming responsibility for successful attacks against 91 victims. The group’s primary motivation is financial gain, though they have demonstrated a willingness to inflict reputational damage on their targets. In 2021, ShinyHunters announced the sale of data allegedly stolen from 73 million AT&T customers, illustrating the scale of their operations.

Prior to employing vishing, ShinyHunters targeted companies by exploiting vulnerabilities in cloud applications and website databases. Their focus on customer management providers like Salesforce enables them to access extensive data sets from multiple clients through a single successful attack. This approach amplifies the potential impact of their breaches.

The group’s adoption of social engineering techniques signals a shift in their modus operandi. This evolution is reportedly linked to their collaborations with other cybercriminal entities. In mid-August, ShinyHunters announced on Telegram a partnership with Scattered Spider and Lapsus$ to target Salesforce and Allianz Life. Telegram removed the channel shortly after its launch. The group subsequently released Allianz Life’s Salesforce data, which contained 2.8 million records pertaining to customers and corporate partners.

Scattered Lapsus$ Hunters, a rebranded iteration of Lapsus$, has recently advertised the provision of ransomware-as-a-service. This offering involves launching ransomware attacks on behalf of paying clients. The group claims its service surpasses those of other cybercrime organizations, including LockBit and Dragonforce. Instead of private negotiations, they often publish extortion messages publicly.

The cybercriminal landscape involves overlapping memberships among groups like ShinyHunters, Scattered Spider, and Lapsus$. These groups operate internationally, with members participating from various locations on the dark web. Further complicating matters, each group is often identified by multiple aliases; Scattered Spider, for instance, is also known as UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm‑0875, and Muddled Libra.

Individual users can take limited direct action against organized cybercrime. Maintaining personal vigilance against scams is crucial for self-protection. Social engineering effectively exploits human emotions and the inclination to trust and assist.

Companies can proactively mitigate the risks of vishing. Implementing awareness training and scenario-based education programs for employees is vital. Verification methods, such as on-camera checks requiring employees to present corporate badges or government-issued identification, can also be implemented. Asking questions that cannot easily be answered with publicly available information online presents another layer of defense.

Organizations can bolster security by deploying authenticator applications that mandate phishing-resistant multi-factor authentication, incorporating techniques like number matching or geo-verification. Number matching necessitates users to input numbers from the identity platform into the authenticator app to validate authentication requests. Geo-verification uses the user’s physical location as an additional authentication factor.


Featured image credit

Tags: GooglesalesforceShinyHunters

Related Posts

WestJet cyberattack: 1.2m passengers’ data stolen

WestJet cyberattack: 1.2m passengers’ data stolen

October 2, 2025
Wiz: AI vibe coding leads to insecure authentication

Wiz: AI vibe coding leads to insecure authentication

September 29, 2025
DHS uses AI to detect AI-generated child abuse material

DHS uses AI to detect AI-generated child abuse material

September 29, 2025
Salesforce Agentforce hit by Noma “ForcedLeak” exploit

Salesforce Agentforce hit by Noma “ForcedLeak” exploit

September 26, 2025
Co-op Group reports £75m loss after April cyber-attack

Co-op Group reports £75m loss after April cyber-attack

September 25, 2025
Taiwan industrial production up 14.4% in August thanks to AI chips

Taiwan industrial production up 14.4% in August thanks to AI chips

September 25, 2025

LATEST NEWS

Z.AI GLM-4.6 boosts context window to 200K tokens

OpenAI releases Sora 2, iOS app with real-world inserts

Bitrig: SwiftUI apps from voice using Apple Intelligence

Bengio warns hyper-AI preservation goals threaten humanity

Apple TV 4K to feature A17 Pro chip and Apple Intelligence

Instagram tests Reels-first home tab in India

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.