In a striking example of how cybercrime is evolving, a group known as ShinyHunters has pulled off a sophisticated attack targeting some of the world’s most recognisable brands — including Google, Pandora, Chanel, Air France and KLM. But rather than relying solely on technical wizardry, they picked up the phone.
The attackers used a method known as voice phishing, or “vishing”, posing as IT support staff and convincing employees to hand over login credentials. These weren’t random cold calls — they were calculated, informed, and alarmingly effective. Once inside, the group exploited weaknesses in Salesforce, the widely used customer relationship management platform, to access sensitive data and launch extortion attempts.
What makes this attack particularly unsettling is the blend of social engineering and cloud exploitation. The criminals didn’t just steal passwords — they manipulated multi-factor authentication, hijacked sessions, and even rewired email routing rules to intercept communications. It’s a chilling reminder that even the most robust technical defences can be undone by a well-placed phone call.
ShinyHunters aren’t new to the scene. They’ve been linked to a string of high-profile breaches over the past few years, but this latest campaign shows a level of maturity and planning that’s hard to ignore. Their understanding of internal systems and workflows allowed them to move laterally within organisations, often undetected.
Google’s security team has since issued guidance urging companies to tighten access controls on platforms like Salesforce, monitor for unusual login activity, and educate staff on the risks of social engineering. The message is clear: technical security alone isn’t enough. Human awareness is now a frontline defence.
As investigations continue and affected companies work to contain the damage, the ShinyHunters attack stands as a stark example of how cyber threats are becoming more personal, more targeted, and more difficult to spot — until it’s too late.