Google has sounded the alarm with an emergency warning to all Gmail users, urging extra caution amid a growing cyber threat linked to a major third-party breach. While the company stresses that its own systems remain secure, the incident has opened the door for hackers to exploit stolen data in new and deceptive ways. Here’s what you need to know and why it matters for your own inbox.
Cyber threat looms for Gmail users following Salesforce data breach
Google has issued a stark warning to Gmail users after uncovering a fresh wave of cyberattacks linked to one of the internet’s most notorious hacking groups. The threat emerged following a breach of Salesforce’s cloud platform, which left individuals and organizations using Google services more vulnerable to intrusion.
With Gmail and Google Cloud serving an estimated 2.5 billion people worldwide, the company is urging users to remain vigilant, monitor accounts closely, and strengthen their security measures to reduce the risk of compromise.
According to Google’s Threat Intelligence Group (TAG), the first signs of these attacks were detected in June, when researchers discovered that hackers were relying on social engineering tactics—specifically impersonating IT support staff—to deceive targets. By August, Google confirmed that the group had achieved several “successful intrusions” through the use of compromised passwords.
Although the stolen data was described as “basic and largely publicly available business information,” it has since been weaponized to fuel more damaging schemes. “We believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS),” TAG explained in a recent blog post. “These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches.”
The vishing method, where attackers pose as IT personnel over the phone, has proven “particularly effective in tricking employees,” Google noted, with victims largely concentrated in English-speaking branches of global corporations.
All users identified as impacted by the incident were formally notified by Google via email on August 8.
Who are the ShinyHunters?
ShinyHunters are a notorious cybercriminal group that first emerged in 2020, taking their name from the Pokémon franchise. Since then, they have been tied to a string of high-profile data breaches targeting major organizations, including AT&T Wireless, Microsoft, Santander, and Ticketmaster.
The group has built its reputation on carrying out large-scale intrusions and then exploiting the stolen information in multiple ways. They are known for stealing massive amounts of user records, login credentials, and personal data, which are often leaked or sold on underground forums. In addition to data theft, they engage in extortion by threatening to release sensitive information unless companies meet their demands. Another hallmark of their operations is the auctioning of hacked databases on the dark web, where other criminals can purchase and misuse the stolen material.
Over the years, ShinyHunters have also been linked to breaches at companies such as Tokopedia, Mashable, and Wattpad, among many others. Cybersecurity experts consider them a major threat, citing their persistence, global reach, and the sheer volume of stolen data they have exposed.
What Gmail users should do to stay secure
Gmail users are encouraged to take proactive steps to strengthen their security. Google advises users to regularly update their passwords and enable extra safeguards like two-factor authentication, which adds an additional layer of protection against intrusions.
While data from Google shows that most users already have unique or strong passwords, only about a third of them change those passwords regularly, leaving many accounts more vulnerable than they should be.
By combining strong credentials with routine updates and multi-factor authentication, Gmail users can significantly reduce the risk of falling victim to cyberattacks like those linked to the ShinyHunters.
Source: Independent