Gmail users advised to change passwords due to security incident linked to Salesforce data breach
In June 2025, a targeted cyberattack on Google was carried out by the notorious hacker group UNC6040, also known as ShinyHunters. This attack involved a data leak from Google's Salesforce systems, using a social engineering tactic known as voice phishing, or "vishing."
The breach did not compromise consumer products like Gmail or Google Drive. However, it did affect a limited set of data containing basic, largely public business information like company names and contact details. Google promptly contained the breach, conducted an impact analysis, and began mitigation efforts in response.
As a result, Google has issued a security alert to 2.5 billion Gmail users, urging them all to remain vigilant and take proactive security measures. Google strongly recommends updating passwords, enabling two-factor authentication, and being wary of unsolicited emails or calls requesting personal information.
Google confirmed it had completed sending email notifications to all parties directly affected by the breach by August 8. Unfortunately, the stolen data can be weaponized to create highly convincing phishing and vishing attacks. Attackers are leveraging the news of the breach to craft scams that appear legitimate, tricking users into revealing their login credentials or two-factor authentication (2FA) codes.
It's important to note that no passwords or financial data were exposed in the breach. However, the threat group responsible for the breach, ShinyHunters, is known for escalating its tactics by leaking data or using it for extortion to pressure victims. The group has been involved in recent breaches at other major companies.
Google is taking this incident seriously and is urging all Gmail users to stay informed and take steps to protect their accounts. As always, be cautious of any unsolicited communications and never provide sensitive information unless you are certain of the sender's identity. Stay safe and secure online.
