Global technology giant, Google, has confirmed that one of its corporate databases was recently compromised in a data breach, shining a light on new and sophisticated methods being used by cybercriminals. The incident, while not affecting core user accounts like Gmail or Google Drive, serves as a critical warning to all internet users about the evolving nature of online threats.
According to Google, a notorious cybercriminal group known as ShinyHunters breached a corporate Salesforce database that contained contact information and related notes for small and medium-sized businesses. The breach was not a result of a technical flaw in Google’s systems but rather a successful social engineering attack.
The hackers used a technique called “vishing,” or voice phishing, by impersonating IT support staff and calling a Google employee. Through this deceptive phone call, they tricked the employee into granting them access to the corporate database. This highlights a crucial fact: even the most secure systems can be vulnerable when a human is the target.
While Google has stated that the stolen data was “basic and largely publicly available,” this type of information is a goldmine for scammers. In Nigeria, where social engineering and online fraud are prevalent, this data could be used to launch highly targeted phishing campaigns, business email compromise (BEC) scams, and other forms of cyber fraud. Scammers could use the stolen business details to establish trust and deceive employees or customers into disclosing sensitive information or making fraudulent payments.
The incident highlights the importance of all Nigerians being extra vigilant online and in phone conversations. Cybersecurity experts, both locally and internationally, emphasise that these attacks are not a sign of a company’s weakness but rather a testament to the hackers’ ability to exploit human trust.
What Nigerian Users Must Do
The most important takeaway for every internet user, from individuals to business owners, is to strengthen their personal cyber-defences.
- Do Not Trust Unsolicited Calls: Be suspicious of anyone claiming to be from a company’s IT department or a bank who asks for your login details or to install software. Reputable organisations will never ask for your password over the phone.
- Enable Multi-Factor Authentication (MFA): This is the single most effective way to protect your online accounts. MFA requires a second form of verification (like a code sent to your phone) in addition to your password. Even if a scammer gets your password, they cannot access your account without the second code.
- Be Wary of Phishing: Be cautious of emails or messages that pressure you to act quickly, contain suspicious links, or ask for personal information. Always verify the sender’s address, and if in doubt, contact the company directly through their official channels.
- Use Strong, Unique Passwords: Create a unique and complex password for each account. Consider using a password manager to help you keep track of them all.
The Google breach serves as a stark reminder that cybercrime remains a global challenge. It is no longer just about protecting against technical vulnerabilities; it is also about staying alert and informed to defend against the human element of hacking.
About the Author: Onyedikachi Ugwu is a seasoned cybersecurity professional and passionate writer dedicated to empowering individuals with the knowledge to navigate the digital world safely. By day, he serves as a Sr SOC Analyst at Bell Integration, leveraging his expertise to combat evolving cyber threats. Outside of work, he shares practical insights on a wide range of cybersecurity topics through his blog and speaking engagements at events such as BSides London.
As a Social Engineering SME with The Cyber Helpline, Onyedikachi is well-versed in the tactics scammers use to manipulate victims. His mission is to equip readers with the skills to recognise and avoid deceptive schemes, fostering both safety and trust in the online space.
