Google’s Threat Intelligence Group says a vishing threat called UNC6040 has been targeting Salesforce applications with a fake data loader.

In an active campaign, a financially motivated threat actor is voice phishing (Vishing) Salesforce customers to compromise their organizational data and carry out subsequent extortion.

Google warns of a sophisticated hacking campaign targeting Salesforce users, involving modified Data Loader app installations leading to extensive data breaches and corporate extortion.

Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to ...

The IOD Data Loader Service is a bi-directional integration offering that allows Salesforce administrators to automate many Salesforce integration processes such as synchronising account ...

Salesforce warned customers of voice phishing, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.

It clarified that the malicious version of the Data Loader is not authorised by Salesforce. "In all observed cases, attackers relied on manipulating end users, not exploiting any vulnerability ...

Cybercriminals are stealing business Salesforce data with this simple trick - don't fall for it The goal is to steal large amounts of confidential data in an attempt to extort the victims.

A financially motivated hacker group has been targeting Salesforce instances for months in a campaign that uses voice phishing to engage in data theft and follow-on extortion attempts, according ...