In light of a recent data breach affecting one of its Salesforce databases, Google is advising its 2.5 billion Gmail users to immediately update their passwords and enhance their account security. While Google has stated that Gmail and Cloud accounts were not directly compromised, the incident has sparked concerns about a surge in phishing and impersonation attacks targeting users across the platform.
The breach, which occurred in June 2025, involved a Google corporate Salesforce instance. A threat group known as ShinyHunters gained access by impersonating IT support staff and manipulating a Google employee into granting them system privileges. This allowed the hackers to exfiltrate data containing basic business contact information, such as company names and contact details, used to communicate with potential advertisers. Although the stolen data did not include passwords or sensitive consumer data directly, it can be used to craft highly convincing phishing emails and social engineering scams.
Google's Threat Intelligence Group (GTIG) first warned of these attacks in June, noting that threat actors were targeting people through social engineering, often by impersonating IT support staff. Google confirmed the breach in August and reported "successful intrusions" resulting from compromised passwords. Phishing and "vishing" (voice phishing via phone calls) now account for 37% of successful account takeovers across Google platforms.
The consequences of falling victim to these scams can be severe. Users could be locked out of their Gmail accounts, lose access to personal documents and photos, or even expose linked financial accounts and business systems. Some attackers are also attempting brute-force logins, testing weak or common passwords.
To protect themselves, Google urges all Gmail users to take the following steps:
Google has notified affected users via email. However, all Gmail users should be vigilant for social engineering and extortion attempts. Users should be on the lookout for emails with alerts such as "suspicious sign in prevented," which are commonly used by hackers during periods of increased cybersecurity warnings.
To update your Google Account password, go to your Google Account home page, then navigate to Security and then Password. Follow the onscreen instructions to complete the process. To turn on 2-Step Verification, open your Google Account, go to Security, and then select 2-Step Verification, following the onscreen instructions.