Google Urges 2.5 billion Gmail Users to Act Now After Salesforce-Related Data Breach
Google is warning 2.5 billion Gmail users about phishing risks and telling them to take immediate action in response to a data breach of a Salesforce system. It suggests six key safety measures, including passkeys and Advanced Protection, to lock down accounts.

Google has issued a worldwide security alert, asking all 2.5 billion Gmail users to change their passwords right now and tighten their security controls after one of its Salesforce databases was compromised.
What happened?
The hack was based on a vulnerability in Google's corporate Salesforce system, which holds basic contact data on small and medium-sized business clients. Although Gmail and Google Cloud accounts were not breached, the leaked information (company names and emails) has contributed to a significant increase in high-quality phishing and impersonation attacks.
The threat landscape
Hackers such as the well-known ShinyHunters (also known as UNC6040) used the Salesforce breach to collect business contact information.
Although the stolen information might not appear overly dangerous, its misuse by cybercriminals has already resulted in an explosion of phishing emails, voice-based phishing (vishing) and other forms of social engineering.
According to Google's Threat Analysis Group, phishing and vishing have become the most common route to successful Gmail account takeovers (37 percent).
What Google recommends:
Google has also set out six key security rules that all users should follow immediately to protect their accounts:
Change your password first, using a strong, unique passphrase.
Turn on non-SMS 2FA (2-Step Verification, or 2SV), using authenticator applications or hardware security keys, because 2FA by SMS is not secure.
Use passkeys, which are more secure than passwords and can never be phished because they stay on your device.
Sign up for Google's Advanced Protection Program, which provides the best protection against targeted attacks.
Watch out: be suspicious of unsolicited emails and phone calls requesting credentials or app passwords. Google staff do not call users at random to inform them of a security issue.
Check your account activity on a regular basis and turn on phishing filters that will identify and prevent suspicious activity.
Furthermore, users are advised to use the Google Security Checkup tool and password managers, and to keep their operating systems and applications up to date with the latest updates.
Why this matters
Google's warning, which could be among the biggest security warnings of the past few years, signals that social engineering campaigns are on the rise. Although the breach itself did not reveal any sensitive personal information or passwords, its true threat is that it enables more plausible targeted scams.