Google has issued an urgent warning to its Gmail users, cautioning them about a rising cyber threat linked to a large-scale third-party data breach.

The tech giant emphasised that its own systems remain secure, but said attackers are exploiting stolen information in increasingly deceptive ways.

The warning follows a breach of Salesforce’s cloud platform, which has left Google account holders more exposed to intrusion.

With Gmail and Google Cloud serving an estimated 2.5 billion users worldwide, the company urged customers to be vigilant, strengthen account protections, and monitor activity closely.

Google’s Threat Analysis Group (TAG) said it first detected signs of the campaign in June, when hackers impersonating IT support staff attempted to trick targets using social engineering techniques.

By August, the company confirmed the hacking group had achieved multiple intrusions by exploiting compromised passwords.

Although the stolen Salesforce data was described as “basic and largely publicly available business information,” TAG said it has since been repurposed for more damaging operations.

The group, believed to be operating under the “ShinyHunters” banner, may be preparing to escalate its extortion methods by launching a dedicated data leak site to pressure victims.

The attackers’ use of “vishing”—posing as IT personnel over the phone—has proved particularly effective against employees of multinational firms, particularly in English-speaking branches. Google confirmed that all individuals affected were notified by email on August 8.

ShinyHunters, a hacking collective that emerged in 2020, has been linked to a series of high-profile data breaches at companies including AT&T Wireless, Microsoft, Santander, and Ticketmaster. Known for stealing and auctioning massive databases on the dark web, the group has also targeted firms such as Tokopedia, Mashable, and Wattpad.

Google has urged Gmail users to take proactive steps to protect their accounts, such as regularly updating passwords and enabling two-factor authentication. While most users employ strong credentials, the company warned that relatively few update them frequently, leaving accounts more vulnerable.

Security experts say adopting multi-factor authentication, strong and unique passwords, and routine updates remain the most effective safeguards against the kinds of attacks now linked to ShinyHunters.

Total views: 718