What Happened in the Breach: More than 2.5 billion Gmail users may be at risk after hackers broke into a major Google database. The group behind the attack, known as ShinyHunters, reportedly tricked a Google employee in June and gained access to a database managed through Salesforce’s cloud platform. From there, they stole a huge batch of files containing company names and customer contact details.
Google insists that no passwords were taken during the breach. Still, that hasn’t stopped hackers from targeting people using the stolen information. On the Gmail subreddit, users have already reported fake phone calls and phishing emails from scammers pretending to be Google employees.
How Hackers Are Targeting Users
Cybercriminals are now focusing on fooling people into giving away their login codes or passwords. Cybersecurity expert James Knight told the Daily Mail:
“There’s a huge increase in the hacking group trying to gain leverage on this. There’s a lot of vishing – people calling, pretending to be from Google, text messages coming through in order to get people to log in, or get codes to log in. If you do get a text message or a voice message from Google, don’t trust it’s from Google. Nine times out of 10, it’s likely not.”
These scams can lock users out of their Gmail accounts or expose their personal data. Knight also warned that brute force attacks – where hackers try common passwords like “password” – are another risk. His advice: change your password if it’s weak or easy to guess, and make sure to turn on multi-factor authentication (MFA).
How to Protect Your Gmail Account
Security experts are urging Gmail users to tighten up their protections. Here are some of the best ways to do that:
- Don’t trust suspicious calls or texts. If someone claims to be from Google, assume it’s fake unless you can confirm it.
- Use strong, unique passwords. Avoid easy-to-guess choices like “123456” or “qwerty.”
- Enable multi-factor authentication (MFA). This adds an extra layer of protection by requiring a one-time code when you log in.
- Switch to passkeys. Google is encouraging users to adopt passkeys, which use face or fingerprint login and are far more resistant to phishing.
- Run a Google Security Checkup. This tool reviews your account for weaknesses and suggests extra security measures you can put in place.
- Another thing to be aware of is the so-called “dangling bucket” threat. Hackers can slip into old or forgotten Google Cloud accounts and cause serious damage. A Security Checkup can help identify any hidden gaps like these.
What Google Has Said So Far
Google hasn’t shared many details about the attack yet, but it confirmed the breach on August 5. In a statement, the company said:
“Google responded to the activity, performed an impact analysis and began mitigations. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”
The hackers targeted Salesforce, a large database platform Google uses to help manage Gmail services. On August 8, Google also confirmed that emails are already being sent out to those affected by the incident.
Quick Recap: Protecting Your Gmail
-
Don’t trust suspicious calls or texts
-
Use strong, unique passwords
-
Turn on multi-factor authentication (MFA)
-
Switch to passkeys
-
Run a Google Security Checkup
ALSO READ: Google Pixelsnap: The MagSafe-Style Upgrade Android Users Have Been Waiting For
