Google has issued a security alert to its 2.5 billion Gmail users, urging them to update their passwords and enhance account protection following an increase in “successful intrusions” by password hackers.
The tech giant is encouraging users to be proactive and remain vigilant for suspicious account activity, and to install additional safety measures—such as two-factor authentication—if they haven’t already done so.
Hackers often obtain Gmail credentials by tricking users through phishing emails that lead to fake login pages or prompt them to disclose sensitive information like two-factor authentication codes.
One group, known as ShinyHunters—allegedly named after the Pokémon franchise—has been active since 2020 and linked to several high-profile breaches involving AT&T, Microsoft, Santander and Ticketmaster.
Despite growing awareness around online security, Google reports that while many users already have strong and unique passwords, only about one-third update them regularly—leaving a significant window of vulnerability.
In an advisory, Google also addressed a separate breach involving its Salesforce database, where attackers used social engineering tactics. In these cases, cybercriminals posed as IT support—a method that proved highly “effective in tricking employees,” according to the company.
While the compromised data in this incident was largely publicly available, Google warned that the tactics used could evolve into more serious and targeted attacks in the future.
“We believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS),” Google stated in a blog post published in June.
Google also warned, “These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches.”
All users potentially affected by the incident were notified by email on Aug. 8.
As digital threats continue to evolve, Google is strongly encouraging its global user base to take proactive steps to secure their accounts.
Google advises users to not only use complex passwords and enabling two-factor authentication, but to also remain alert for phishing attempts, unsolicited login prompts, and suspicious activity that may indicate a breach attempt.
If you purchase a product or register for an account through a link on our site, we may receive compensation. By using this site, you consent to our User Agreement and agree that your clicks, interactions, and personal information may be collected, recorded, and/or stored by us and social media and other third-party partners in accordance with our Privacy Policy.