Following a large breach attributed to the hacking group ShinyHunters, Google has warned 2.5 billion Gmail users to reset their passwords and tighten their account security. The incident, which exposed a Google database administered via Salesforce’s cloud platform, is regarded as one of Google’s most serious breaches. Google recommends users to be on high alert for unusual activities and to implement additional security measures, such as two-factor authentication, if they do not already have them.
In This Article
Google Gmail data breach
In June 2025, cybercriminals used social engineering methods to impersonate IT officials over the phone and persuade a Google employee to accept a deceptive Salesforce application. The attackers were able to extract contact information, business names, and associated notes. Google verified that no user credentials were taken, but the stolen information is already being used. Users have reported an increase in phishing emails, fake phone calls, and malicious text messages that deceive victims into revealing login information or resetting passwords.
Google has already seen comparable large-scale attacks, such as the 2018 Google+ API breaches, 2017-2018 Gmail phishing schemes, and the 2016 Gooligan malware campaign, indicating that attackers do not necessarily require passwords to cause serious damage.
Also Read: CMF by Nothing appoints Himanshu Tandon as VP of Business
The stolen Google login information is crucial to hackers, who may impersonate representatives and persuade victims to provide login passwords or sensitive data. Some attackers also use brute force logins, which test weak or commonly used passwords. Victims may face terrible consequences, such as being locked out of their Gmail accounts, losing access to private documents and images, and possibly exposing associated banking and corporate systems.
Google Emergency Warning Gmail
Google notified impacted consumers on August 8, 2025, after investigating the issue at hand. The data was mostly available company information, but experts warned that even simple details might be used in targeted scams.
Here is what the tech firm said, “In June, one of Google’s corporate Salesforce instances was impacted by similar UNC6040 activity described in this post. Google responded to the activity, performed an impact analysis and began mitigations. The instance was used to store contact information and related notes for small and medium businesses. Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off. The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details”
ShinyHunters, also known as UNC6040, is a hacker group that has a history of breaking into company networks for extortion. They imitate IT assistance to deceive staff into authorising malicious Salesforce apps, then use technologies similar to Salesforce’s “Data Loader” to steal large databases. ShinyHunters, founded in 2020, has been connected to high-profile breaches at firms like AT&T, Microsoft, Santander, and Ticketmaster.
Also Read: Moto Buds Loop and Bass earbuds launched in India
What steps can you take to protect yourself?
Users may safeguard themselves by utilising ID Protection’s Data Leak Checker and Dark Web Monitoring to see whether their Gmail account is exposed on the dark web. Improve account security by resetting your Gmail password and using MFA for phishing-resistant logins. Use Trend Micro ScamCheck’s call blocking, SMS filtering, and scam checking capabilities to prevent scammers from reaching you.
Verify suspicious emails purporting to be from Google by sending them to ScamCheck to see whether they are authentic.
Google encourages users to convert to passkeys, which employ fingerprint or facial identification and are resistant to phishing. Run a Google Security Checkup to check your account protections and enable additional security measures.
thanks 🙏