Google said a hacking group it tracks as UNC6040, also known as ShinyHunters, accessed one of the company’s Salesforce databases in June, obtaining contact information and related notes for small- and medium-business customers. The intruders gained entry through voice-phishing techniques but were blocked "within a small window of time," the company disclosed late Tuesday. The same campaign has spread to the retail sector. Jewelry maker Pandora and fashion house Chanel separately notified customers this week that attackers stole names, email addresses and, in Pandora’s case, birth dates from Salesforce-hosted customer databases. Both firms said no passwords or payment details were taken. Google warned that ShinyHunters may escalate the extortion effort by launching a data-leak site. Although no ransom demands have been confirmed, security researchers say the group has previously pressured victims through public disclosures of stolen data. Salesforce said its platform was not compromised and attributed the incidents to stolen or misused customer credentials. Security advisers urged organisations to enforce multi-factor authentication, restrict third-party app installations and review access rights as the wave of Salesforce-focused breaches, active since at least January, continues to widen.