India

Google Urges 2.5 billion Gmail Users to Act Now After Salesforce-Related Data Breach

Google warns 2.5 billion Gmail users about phishing risks and tells them to take immediate action in response to a Salesforce system data breach. Now there are six suggested crucial safety regulations, including passkeys and Advanced Protection, to lock the accounts.

Google has declared a worldwide security issue, asking the entire 2.5 billion Gmail subscribers to change their passwords right now and increase their security controls after one of its Salesforce databases was compromised.

What happened?

This hack was based on a vulnerability in the Google corporate Salesforce system, which contains fundamental contact data on small and medium-sized business clients. Even though Gmail and Google Cloud accounts did not suffer any security breach, the leaked information (company names and emails) has contributed to a significant increase in high-quality phishing and impersonation attacks.

The threat landscape

The Salesforce breach was used by hackers such as the well-known ShinyHunters (also known as UNC6040) to collect business contacts information.
Although the stolen information might not appear overly dangerous, its misuse by cybercriminals has already resulted in an explosion of phishing emails, voice-based phishing (vishing) and other forms of social engineering.
According to the Threat Analysis Group at Google, phishing and vishing have become the most common types of successful Gmail account takeovers (37 percent).

What Google recommends:

Google has also revealed 6 key security rules that must be followed by all users immediately to protect their security:The first thing to do is to change your password, using a strong, unique passphrase.
Turn on non-SMS 2FA (2 step verification or 2SV) – using authenticator applications or hardware security keys – because 2FA by SMS is not secure.
Use passkeys that are more secure than a password and they can never be phished as they are on your device.

Sign up to the Advanced Protection Program of Google, which provides the best protection against targeted attacks.

Watch out: Be suspicious of unsolicited emails and phone calls requesting credentials, or app passwords. The Google people do not randomly make phone calls to users to inform them of a security issue.
Check your account activity on a regular basis and turn on phishing filters that will identify and prevent suspicious activity.

Furthermore, another option suggested to users is Google Security Checkup tool, password managers, and ensuring that their operating systems and applications are kept up-to-date with the latest updates.

Why this matters

Google issued a warning that could be among the biggest security warning of the past few years that social engineering campaigns are on the rise. Although the breach in itself did not reveal any sensitive personal information or passwords, its true threat is that it facilitates more plausible targeted scams.

Gayathri Yadav

Gayathri Yadav is a seasoned content strategist who chronicles the ever-evolving story of Telangana and its capital, Hyderabad. Her expertise spans the full spectrum of the region's landscape: one day she is analyzing the real-world impact of Revanth Reddy's 'Six Guarantees,' and the next, she is investigating the rising cost of living that threatens Hyderabad's 'affordable' tag. She excels at connecting the dots between high-level policy, like the Dharani portal or Pharma City's development, and its direct effect on citizens—be it through urban flooding, school fee hikes, or the fight for green spaces. Whether crafting a hard-hitting exposé on the water mafia, a human-interest story on a viral street vendor, or a simple explainer on new traffic rules, Gayathri's work is defined by accuracy, nuance, and a deep understanding of the local context. Her command of SEO ensures these vital regional stories find and engage the widest possible audience.
Back to top button