According to Google’s own disclosure and surrounding coverage, ShinyHunters tricked employees into installing a booby-trapped copy of Salesforce Data Loader, then siphoned off a trove of SMB contact info (notes, emails, phone numbers etc.)
Classic case of a breach using social engineering as the way-in to harvesting customer data; from one of the biggest companies in the world.
This kind of attack is only going to become cheaper to run, easier, and as a result - more common, and with a lower bar for targets.