Google Issues Emergency Warning to Gmail Users Amid Third-Party Data Breach
August 28, 2025, 11:00 AM UTC
NEW YORK - Google has issued an urgent alert to its 2.5 billion Gmail users worldwide, advising heightened vigilance following a major breach of a third-party provider’s cloud services. While Google’s own infrastructure remains secure, cybercriminals are now leveraging compromised business data to launch sophisticated phishing and social-engineering attacks.
Google Threat Intelligence researchers first detected suspicious activity in June, when hackers exploited a vulnerability in Salesforce’s cloud platform to access a repository of publicly available business information. By August, the company confirmed that threat actors linked to the “ShinyHunters” group had executed several unauthorized intrusions, using stolen contact names and email addresses to craft convincing phishing lures.
In today’s emergency warning, Google emphasized that no Gmail passwords or core account credentials were exposed in the incident. However, the publicly obtained data has enabled scammers to impersonate Google support personnel-often using phone numbers with a 650 area code-and trick users into revealing two-factor authentication codes or clicking malicious links. Google Threat Intelligence Group has observed a sharp uptick in these vishing and phishing campaigns since early August.
To protect their accounts, Google recommends that all users:
- Review recent login activity and authorized devices in Gmail settings.
- Update to a strong, unique password if not done recently.
- Enable two-factor authentication (2FA) or passkeys for an added security layer.
- Complete Google’s Security Checkup to identify and remediate potential vulnerabilities.
“Users should never trust unsolicited calls or texts claiming to be from Google,” the company warned. “If you receive one, hang up and report the incident through our official channels.”
Despite solutions already in place, Google plans to roll out additional security measures in the coming days, including expanded phishing-resistant authentication options and real-time alerts for anomalous account activity.
Categories
Autos and vehicles Beauty and fashion Business and finance Climate Entertainment Food and drink Games Health Hobbies and leisure Jobs and education Law and government Other Politics Science Shopping Sports Technology Travel and transportationRecent Posts
Tags