Google has issued a broad security alert to its 2.5 billion Gmail users, advising them to enhance their account security in the wake of a data breach involving one of the company’s third-party Salesforce systems.
The incident, which occurred in June 2025, has escalated concerns over sophisticated phishing campaigns targeting a massive user base.
In June, a threat group identified as UNC6040, also known by its extortion brand ShinyHunters, successfully infiltrated a corporate Salesforce instance used by Google. This system stored contact information and sales notes for small and medium-sized businesses.
According to Google’s analysis, the threat actor accessed and retrieved a limited set of data containing basic, largely public business information like company names and contact details.
Google has emphasized that the breach did not compromise consumer products like Gmail or Google Drive and that no passwords or financial data were exposed.
The attackers employed a social engineering tactic known as voice phishing, or “vishing,” to gain initial access. By impersonating IT support staff over the phone, they deceived an employee into granting them system privileges.
This allowed the hackers to exfiltrate data before their access was discovered and terminated by Google’s security teams. ShinyHunters is a well-known group linked to recent breaches at other major companies, including Adidas, Cisco, and LVMH.
While the stolen data itself is considered low-risk, security experts warn that it can be weaponized to create highly convincing phishing and vishing attacks.
Attackers are leveraging the news of the breach to craft scams that appear legitimate, tricking users into revealing their login credentials or two-factor authentication (2FA) codes. The threat group is known for escalating its tactics by leaking data or using it for extortion to pressure victims.
In response to the incident, Google promptly contained the breach, conducted an impact analysis, and began mitigation efforts.
On August 5, the company publicly detailed the event and the activities of UNC6040. By August 8, Google confirmed it had completed sending email notifications to all parties directly affected by the breach.
Given the heightened risk of follow-on attacks, Google is urging all Gmail users to remain vigilant and take proactive security measures. The company strongly recommends updating passwords, enabling two-factor authentication, and being wary of unsolicited emails or calls requesting personal information.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Source link
