A hacker group called UNC6040 has been targeting Salesforce users through voice phishing, tricking employees into giving up credentials and then stealing data using a fake Salesforce Data Loader app. The attacks led to data theft, network access, and later extortion attempts. Google and Salesforce confirmed the platform wasn’t vulnerable but urged users to strengthen security with multi-factor authentication and IP restrictions.

‍