Industry - Data Breach
Executive Summary
The ShinyHunters extortion group has stolen customer data from multiple major companies including Qantas, Allianz Life, LVMH subsidiaries, and Adidas by tricking employees through voice phishing calls into granting access to their Salesforce CRM systems. Attackers impersonated IT support staff and convinced employees to enter connection codes that linked malicious apps to the companies' Salesforce environments, allowing theft of customer information. The stolen data is currently being used fo...
What Happened
The ShinyHunters extortion group conducted voice phishing attacks against employees at multiple companies including Qantas, Allianz Life, LVMH subsidiaries (Louis Vuitton, Dior, Tiffany & Co.), and Adidas between June and July 2025. Attackers impersonated IT support staff during phone calls and convinced employees to enter connection codes that linked malicious applications to their companies' Salesforce CRM systems, enabling unauthorized access to customer databases. Google's Threat Intelligence Group identified the attackers as UNC6040 and noted they sometimes used fake Okta login pages to steal credentials and multi-factor authentication tokens.
Who Is Affected
Customers of the breached companies are affected, with their personal information stored in Salesforce CRM systems now compromised. The impacted individuals span multiple countries and industries, including airline passengers (Qantas), insurance policyholders (Allianz Life), and luxury goods customers (LVMH brands and Adidas). Employees who were targeted in the social engineering attacks may also face professional consequences for inadvertently granting system access.
Why It Matters
This campaign demonstrates how sophisticated social engineering can bypass technical security controls, even at major corporations with presumed strong cybersecurity measures. The attacks reveal a systemic vulnerability affecting multiple organizations using the same CRM platform, showing that third-party cloud services represent concentrated risk points. ShinyHunters is currently conducting private extortion attempts, but the group has a history of publicly releasing stolen data when companies refuse to pay, potentially exposing customer information from multiple major brands simultaneously.
What You Should Do
If you are a customer of any affected company, monitor your accounts for suspicious activity and consider placing fraud alerts with credit bureaus. Enable multi-factor authentication on all accounts where available, particularly those containing financial or personal information. Be cautious of unsolicited communications claiming to be from these companies, as stolen data may be used for targeted phishing attacks. Check whether the affected companies have offered credit monitoring services or other protective measures in their breach notifications.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources
Related Events
- Industry - Data BreachJun 15, 2026
The ShinyHunters hacking group breached Infinite Campus's Salesforce system in M...
- Industry - Data BreachJun 7, 2026
HVAC/R wholesale distributor Baker Distributing Company suffered a data breach i...
- Industry - Data BreachMay 18, 2026
7-Eleven confirmed a data breach after the hacking group ShinyHunters demanded r...
- Industry - Data BreachMay 28, 2026
The ShinyHunters ransomware group breached American insurance company Kemper Cor...
- Industry - Data BreachJun 10, 2026
The ShinyHunters extortion gang is exploiting vulnerabilities in Oracle PeopleSo...