Google issues urgent security warning to billions of users due to data leak

Google has issued a significant security warning to its 2.5 billion Gmail users, advising them to update their passwords and fortify their account security in the wake of a substantial number of “successful intrusions” by hackers.

This broad alert coincides with a separate warning from the company regarding a breach of its own Salesforce database, which has been linked to the prolific cybercrime group known as “ShinyHunters.”

The primary alert calls for users to remain on high alert for suspicious activity and to implement extra security measures, with a strong emphasis on enabling two-factor authentication (2FA).

According to Google, hackers frequently compromise accounts by using phishing tactics, such as sending fraudulent emails containing links to fake sign-in pages to harvest user credentials. Another common method involves tricking users into sharing their sensitive two-factor authentication codes.

While the company notes that most users have strong, unique passwords, it also highlights a critical vulnerability in user behavior: internal data shows that only a third of users regularly update these digital keys, leaving a massive number of accounts exposed to persistent threats over time.

This lack of regular security maintenance is a key weakness that cybercriminals are actively exploiting.

Compounding the general threat, Google has also disclosed a breach of its own Salesforce database. The company warned in June that malicious actors were successfully targeting individuals through sophisticated social engineering attacks.

In these schemes, hackers pose as IT support staffers, a method Google described as “particularly effective in tricking employees” to gain unauthorized access.

While this specific hack largely compromised publicly available information, such as contact details for small- and medium-sized businesses, Google fears the method could be a precursor to more serious and damaging attacks in the future.

The group behind this activity, operating under the brand “ShinyHunters,” may be preparing to intensify its campaigns.

In a blog post, Google stated, “We believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS).” This tactic is designed to “increase pressure on victims,” including those affected by the recent Salesforce breach.

Google confirmed it notified all impacted users via email on August 8.

The ShinyHunters group, which seemingly derives its name from the Pokémon franchise, formed in 2020 and has since been linked to several high-profile breaches targeting major corporations like AT&T, Microsoft, and Ticketmaster.