
More than 2.5 billion Gmail users are facing potential security threats after a large-scale cyberattack targeted Google’s systems through Salesforce’s cloud platform. The breach, attributed to the notorious hacking group ShinyHunters, is being described by experts as one of the largest in Google’s history.
How the Breach Occurred
The incident began in June 2025 and was carried out through social engineering tactics. According to Google’s Threat Intelligence Group (GTIG), hackers impersonated IT staff in highly convincing phone calls and persuaded a Google employee to approve a malicious application connected to Salesforce. Once the application was approved, the attackers gained access to sensitive records and began exfiltrating data, including contact details, company names, and related notes.
While Google confirmed that no user passwords were directly stolen, the compromised data is already being exploited. Reports from the Gmail community highlight a surge in phishing emails, spoofed calls, and fraudulent text messages. Many of these scams impersonate Google staff and attempt to trick users into sharing login codes or resetting their passwords, creating opportunities for full account takeovers.
Why This Matters
Although passwords were not exposed, the stolen data gives hackers a strong starting point. With access to names, contact details, and business information, cybercriminals can craft personalized attacks. By posing as Google representatives, scammers pressure victims into handing over login credentials or sensitive files.
Some attackers are also attempting brute-force logins, targeting accounts with weak or common passwords like “123456” or “password.”
The risks include:
- Permanent loss of access to Gmail accounts
- Exposure of personal photos and documents
- Compromise of linked financial accounts and business systems
This breach underlines that even without direct password leaks, attackers can weaponize seemingly minor details to cause significant damage.
How Users Can Protect Themselves
Google and cybersecurity experts are urging users to take immediate protective measures:
- Check for data exposure: Use tools like ID Protection’s Data Leak Checker and Dark Web Monitoring to see if your information has been leaked.
- Update your Gmail password: Create a strong, unique password using a password generator and avoid reusing old ones.
- Enable multi-factor authentication (MFA): Add an extra layer of security with phishing-resistant login methods.
- Be cautious of suspicious emails: Scammers may impersonate Google to trick you into handing over login codes. Use services like Trend Micro ScamCheck to verify questionable messages.
- Switch to passkeys: Google encourages users to adopt passkeys, which rely on fingerprint or face recognition and are far harder to phish.
- Run a Google Security Checkup: Review your account protections and enable recommended safeguards.
Google’s Response and History
Google began notifying affected users on August 8, 2025, after completing its internal review. The company stressed that much of the stolen information was “publicly available business data,” but experts warn that such information can still be exploited for highly targeted scams.
This incident adds to Google’s history of large-scale security events, including the Google+ API leaks (2018), OAuth Gmail phishing scams (2017–2018), and the Gooligan malware campaign (2016). These cases highlight a recurring lesson: attackers do not always need passwords to inflict major harm.
Who Is Behind the Attack?
The hacking group ShinyHunters, also known as UNC6040, has been linked to the breach. The group is notorious for corporate data theft and extortion campaigns, often relying on impersonating IT support to deploy malicious Salesforce applications.
Once inside a system, they use tools similar to Salesforce’s Data Loader to extract massive datasets. Often, the stolen data is not monetized immediately. Instead, related groups such as UNC6240 may contact victims months later with extortion demands, threatening to publish the stolen information if a ransom in bitcoin is not paid. Security researchers believe these groups may soon escalate by launching dedicated data leak sites.
Final Takeaway
The breach affecting 2.5 billion Gmail accounts serves as a wake-up call for individuals and businesses alike. Even when passwords are not stolen, hackers can leverage basic personal and business details to stage sophisticated scams. Users are strongly advised to strengthen their account security, adopt phishing-resistant authentication methods, and remain vigilant against fraudulent communications.
The post Google Data Breach Exposes 2.5 Billion Gmail Users to Scam Risks appeared first on trendblog.net.