From the source: https://cloud.google.com/blog/topics/threat-intelligence/voi...

> The instance was used to store contact information and related notes for small and medium businesses. Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.


> Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off.

That's a pretty nonchalant way to say "they totally stole stuff before we knew what was going on or could stop them".

On the other side, given how slow and cumbersome data extraction from enterprise software is, maybe they are saying that the hackers also didn't get that much and far.

"store contact information and related notes for small and medium businesses"

Most likely translation: it affected the Google SMB sales team's Salesforce instance

My understanding is that the Cloud org uses Salesforce, the rest of Google uses a self-developed solution.

> The data retrieved by the threat actor was confined to basic and largely publicly available business information

Which is to say, they took public _and_ private data and the private data is something we don't wish to publicly admit so probably not good.

This is generally what people try to steal out of Salesforce. I doubt it's as innocuous as that makes it sound, as they wouldn't bother if they couldn't make money off of it. I assume there is some secondary scheme, like fraudulent billing.

Having seen the AWS version of this type of data store, it's typically got information like billing account numbers, internal email addresses of stakeholders, customer notes about NDA'd strategy, and lists of bugs/feature requests the customer is interested in.

Could totally see someone sending a message like "Hey, your TAM asked me to talk to you about $IMPORTANT_FEATURE_REQUEST, can you grant me read access in the account where you're developing $UPCOMING_SECRET_PROJECT so I can get some additional color?" It might even be enough to get someone on a conference call and pump them for MNPI about $UPCOMING_SECRET_PROJECT under the guise of ensuring that the feature request is helpful.

Yeah, perhaps sending fake invoices to customers? There's a lot of precedent for that:

https://krebsonsecurity.com/2025/07/phishers-target-aviation...

I despise communication like this: "it doesn't really matter, it was just a very very very small portion of users with uninteresting data, really, believe us!". Is it some kind of legal thing? Does an actual apology open them up for lawsuits or what?
