Auburn Times

Google Hacked – Smart Home Hijacks and a Global Data Theft Web

Google is facing a double blow to its cybersecurity defences — one involving its cutting-edge Gemini AI and the other tied to a major data breach in its Salesforce environment. Both of these incidents make me worry about how cybercriminals are changing their methods to go after even the biggest tech companies in the world.

Part 1 – The Gemini AI Smart Home Hack 

A Look at What Happened

Recently, security researchers showed they could hack Google’s Gemini AI assistant. This was the first public example of AI being used to cause real-world, physical effects.

The attack took advantage of Gemini’s ability to connect to smart home devices, which let the researchers control items like lights, shutters, and even window settings.

Why It Matters

This attack goes well beyond stealing data; it demonstrates how AI can be used to change things in the physical world. The demonstration shows that a compromised AI assistant could be used to exploit IoT (Internet of Things) vulnerabilities in homes that are connected to the internet.

How the Hack Worked

  • Researchers placed a malicious prompt in a link to a Google Calendar event.
  • When the user asked Gemini for a summary of their calendar and said thank you, the hidden instructions triggered Google’s Home AI agent.
  • The AI then executed real-world smart home commands.

This was an indirect prompt injection attack. The bad instructions weren’t typed in by the user; they were concealed in content that Gemini processed.
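One way a defender can break this chain is to track where the assistant's context came from and require explicit confirmation for physical actions once third-party content has entered it. The sketch below is an added example, not code from Google or the researchers; the tool names, the `Session` class and the calendar event are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical tool names for illustration; not Gemini's or Google Home's real API.
HIGH_RISK_TOOLS = {"home.open_window", "home.open_shutters", "home.set_lights"}

@dataclass
class Session:
    """Tracks whether third-party content has entered the assistant's context."""
    context: list = field(default_factory=list)
    taint_sources: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def add_content(self, source, text, trusted):
        # Anything the user did not type (calendar events, mail, web pages)
        # is untrusted and taints the session from this point on.
        self.context.append((source, text))
        if not trusted:
            self.taint_sources.append(source)

    def authorize(self, tool, args, confirm):
        """Decide whether a model-proposed tool call may run."""
        if tool not in HIGH_RISK_TOOLS or not self.taint_sources:
            decision = "allow"
        elif confirm(tool, args, list(self.taint_sources)):
            decision = "allow-confirmed"  # user approved this specific action
        else:
            decision = "deny"
        self.audit.append((tool, decision))
        return decision

def replay_calendar_scenario(user_confirms):
    """Replay the sequence described above using constructed data."""
    s = Session()
    s.add_content("user", "Summarise my calendar for today", trusted=True)
    first = s.authorize("calendar.list_events", {}, confirm=lambda *a: False)
    # Constructed event; the hidden instruction text itself is omitted.
    s.add_content("calendar:event-1", "Team sync [hidden instructions]", trusted=False)
    s.add_content("user", "thank you", trusted=True)
    # The model, steered by the event text, now proposes a physical action.
    second = s.authorize("home.open_window", {"room": "living"},
                         confirm=lambda tool, args, sources: user_confirms)
    return first, second, s.taint_sources

if __name__ == "__main__":
    print(replay_calendar_scenario(user_confirms=False))
```

A casual "thank you" never counts as approval here: the confirmation callback shows the user the specific action and the untrusted sources in context, and only an explicit yes lets the call through.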

Demonstration & Disclosure

  • The hack was presented at the Black Hat cybersecurity conference.
  • Researchers disclosed their findings to Google in February 2025.
  • Google’s privacy team took the report “extremely seriously” and accelerated development of tools to block such attacks.

Expert Opinions

Andy Wen, Senior Director of Security Product Leadership at Google Workspace, noted:

  • Prompt injection attacks are “exceedingly rare” but hard to defend against due to the complexity of large language models (LLMs).
  • Google’s goal is to ensure everyday users won’t need to worry about such dangers in the future.

Part 2 – The Salesforce Data Breach Linked to ShinyHunters 

Incident Summary

In June 2025, Google confirmed that one of its corporate Salesforce instances (used to store contact information and related notes for small and medium-sized businesses) had been breached.

The attack was part of a bigger ShinyHunters campaign targeting major international companies, including Adidas, Allianz Life, Cisco, Dior, Louis Vuitton, and Pandora.

Threat Actors Involved

  • UNC6040: Responsible for the initial intrusion.
  • UNC6240: Conducts extortion attempts, often months after the breach.
  • Both groups are connected to ShinyHunters, with possible ties to Scattered Spider and the hacker network The Com.

Data Stolen 

  • Type: Business names and contact details, information Google describes as “basic and mostly publicly available.”
  • Duration of Access: Only a short window before Google cut off access.
  • Number of customers who were affected: not known.

How the Attack Was Carried Out

  • The hackers used vishing (voice phishing) to impersonate IT support staff.
  • Employees were directed to Salesforce’s connected app setup page.
  • Victims were tricked into approving a malicious variant of the Salesforce Data Loader tool, sometimes renamed “My Ticket Portal” to seem legitimate.
  • In some cases, malicious pages mimicking Okta login pages were also used to steal information and MFA tokens.
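Because the display name of a connected app is chosen by whoever registered it, a review of app authorizations should key on the OAuth client id rather than the name. The following is an added example, not Salesforce's or Google's code; the record fields, client ids, users and dates are constructed assumptions and do not reflect Salesforce's actual log schema.

```python
# Approved connected apps keyed by OAuth client id. Ids are constructed placeholders.
APPROVED = {"CLIENT-ID-APPROVED-1": "Data Loader"}

# Constructed authorization records; the field names are assumptions for this
# example, not Salesforce's actual log schema.
EVENTS = [
    {"time": "2025-06-03T09:12:00", "user": "a.lee",
     "app_name": "Data Loader", "client_id": "CLIENT-ID-APPROVED-1"},
    {"time": "2025-06-03T14:47:00", "user": "b.ng",
     "app_name": "My Ticket Portal", "client_id": "CLIENT-ID-UNKNOWN-1"},
    {"time": "2025-06-04T10:05:00", "user": "c.roy",
     "app_name": "Data Loader", "client_id": "CLIENT-ID-UNKNOWN-2"},
]

def review_authorizations(events, approved):
    """Flag authorizations of apps whose client id is not on the allowlist."""
    approved_names = {name.casefold() for name in approved.values()}
    findings = []
    for e in events:
        if e["client_id"] in approved:
            continue  # identity matches the allowlist
        # An approved-looking name on an unknown client id is the stronger
        # signal: it suggests a deliberate lookalike of a trusted tool.
        if e["app_name"].casefold() in approved_names:
            severity, reason = "high", "approved name on unknown client id"
        else:
            severity, reason = "medium", "unapproved connected app"
        findings.append({"severity": severity, "user": e["user"],
                         "app_name": e["app_name"], "reason": reason})
    # High-severity findings first; the sort is stable within each group.
    return sorted(findings, key=lambda f: f["severity"] != "high")

if __name__ == "__main__":
    for finding in review_authorizations(EVENTS, APPROVED):
        print(finding)
```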

Extortion Tactics

  • Victims receive calls or emails requesting bitcoin payment within 72 hours.
  • Messages often claim to be from ShinyHunters.
  • There are indications the group is preparing a Data Leak Site (DLS) to pressure victims further.

Salesforce’s Statement

Salesforce confirmed:

  • Its own systems were not compromised.
  • The attacks exploited human factors via social engineering, not platform vulnerabilities.

Wider Implications for Cybersecurity

The AI hijack and the Salesforce breach show how cyber threats are getting worse:

  • AI Privacy Risks: As AI systems like Gemini become integrated into physical environments, malicious prompt injections could have safety implications.
  • CRM Platform Exploitation: Even when core systems remain secure, attackers can still get access by manipulating human behaviour.
  • Long-Tail Extortion: Groups like ShinyHunters are patient, sometimes waiting months before asking for payment, increasing the pressure on victims.

What Comes Next

Cybersecurity experts warn that:

  • Because LLMs are so complex, they will be easier targets for AI-focused attacks.
  • Voice phishing and social engineering will remain effective for breaching CRM systems.
  • Threat groups may increasingly operate under an extortion-as-a-service model, trading stolen data or handling ransom negotiations for other hackers.

Note: Google has not confirmed if it received ransom demands in either incident, yet both cases emphasise the need for increased vigilance, employee training, and AI security testing.

news@auburntimes.com.au