Hackers issue ultimatum to Google after data breach warning

lightbright

Hackers have threatened to leak Google databases unless the company fires two employees, according to a post on Telegram.

The post claiming to be from a hacking group called on the tech giant to fire Austin Larsen and Charles Carmakal, while also suspending Google Threat Intelligence Group investigations into the network.

The group is claimed to be a network of hackers made up of members from other hacker communities, consisting of Scattered Spider, LapSus, and ShinyHunters. The group has branded itself Scattered LapSus Hunters in reference to this.

Larsen and Carmakal both work in the Google Threat Intelligence Group.

While the group did not provide any proof that they had access to any Google databases, and there have been no recent breaches of Google information, the news comes after Google said in August that ShinyHunters gained information from Salesforce, a third party that provides some services to Google.

Newsweek has approached Google for comment via email outside regular working hours.

This is a developing story and will be updated.


 
The ShinyHunters hacking group claimed to have infiltrated Google's Salesforce database in June 2025 and stolen the contact information of millions of small and medium-sized business customers. Google confirmed the breach in August 2025 and notified affected customers.
Details of the breach
  • Hacker group: The notorious ShinyHunters group claimed responsibility for the breach. The group has been associated with other high-profile data breaches involving companies like AT&T and Ticketmaster.
  • Target: The hackers infiltrated a corporate Salesforce database that Google uses to manage relationships and store contact information for business customers.
  • Method: The hackers used voice phishing, or "vishing," to trick a Google employee into providing login credentials for the internal Salesforce system. Posing as IT support, the attackers persuaded the employee to authorize a malicious version of the Salesforce Data Loader application.
  • Data stolen: The compromised data included business names, contact details, and related notes for small and medium-sized businesses.
  • Impact: While Google stated that the stolen information was largely publicly available and did not include customer passwords, the breach has led to a surge in follow-up scams. Criminals are using the stolen information to launch new voice and email phishing campaigns, impersonating Google support to try and gain access to user accounts.
Subsequent threats and developments
  • Extortion attempt: Following the breach, the ShinyHunters group allegedly attempted to extort Google, threatening to leak data unless the company fired two members of its Threat Intelligence Group.
  • Ongoing scam warnings: As of early September 2025, Google and other cybersecurity experts have continued to warn users about the ongoing threat of phishing attacks stemming from the breach. Gmail users are being advised to enable two-factor authentication and be wary of calls from individuals claiming to be Google support staff.
 