Google has revealed a massive data breach affecting roughly 2.5 billion Gmail and Google Cloud users worldwide. The breach originated through Salesforce, a cloud software provider used by Google, and allowed hackers to access extensive account data.
Google’s security team has warned users about the scale of the breach and urged immediate action. However, simply changing passwords may not fully protect accounts from the hackers behind this attack.
Google’s Threat Intelligence Group (GTIG) identified the breach in June 2025. By August, they observed the cybercriminals employing overlapping techniques to infiltrate accounts.
According to Yahoo News, the group behind the attack, known as ShinyHunters, is notorious for targeting major companies including AT&T Wireless, Microsoft, and Ticketmaster. Their tactics are sophisticated, involving social engineering and vishing — where they impersonate IT staff on phone calls to trick victims into revealing credentials.
GTIG warned that ShinyHunters often follow these intrusions with extortion attempts, demanding bitcoin payments within 72 hours, and may soon launch a data leak site to pressure victims further.
Google described the stolen data as ‘basic and largely publicly available business information,’ according to Tom’s Guide. Although sensitive personal details were not confirmed to be compromised, this exposure raises the risk of phishing and social engineering attacks targeting Gmail users.
ShinyHunters has a history of selling stolen data on the dark web, which could lead to identity theft or further hacking attempts if users do not act quickly.
Google advises all Gmail users to change passwords without delay. Passwords should be unique and never reused across different services. Enabling two-factor authentication (2FA) is critical, with Google recommending options like Google Prompt or security keys for enhanced protection.
Additionally, users must update recovery details such as backup emails and phone numbers. Staying vigilant against suspicious communications — especially scam calls pretending to be from Google — is vital. Google clarifies it will not call users to warn them about breaches. Those potentially affected have received official alert emails from Google.
Password changes alone do not guarantee full security. Users should implement several protective measures:
Read more on International Business Times UK
