ShinyHunters' CRM Heist

ShinyHunters' CRM Heist

From State of Cybercrime by Varonis, Matt Radolec, David Gibson

August 18, 2025 · 26 min · Season 3 · Episode 28

About this episode

This episode discusses how ShinyHunters executed a major CRM-focused attack on prominent companies using Salesforce without exploiting software vulnerabilities.

One phone call was all it took for ShinyHunters to breach some of the world's biggest brands. By exploiting Salesforce to infiltrate Google, Cisco, and many others, this group has shown just how vulnerable organizations can be when well-known SaaS platforms become the attack vector. In this special State of Cybercrime episode, Matt and David break down how ShinyHunters pulled off one of the largest CRM–focused attacks of the year without exploiting a single software vulnerability.

People in this episode

Hosts: Matt Radolec, David Gibson

Topics covered

  • cybercrime
  • SaaS vulnerabilities
  • CRM attacks
  • data breach
  • cybersecurity

Keywords

  • ShinyHunters
  • Salesforce
  • Google
  • Cisco
  • CRM attack
  • cybersecurity
  • data breach

Mentioned in this episode

Organizations: ShinyHunters, Salesforce, Google, Cisco

More episodes of State of Cybercrime

Explore listener stats, chart rankings, contacts and more on the State of Cybercrime podcast page.