Google Warns Gmail Users of Security Risk After Massive Data Breach

Google has warned its 2.5 billion Gmail users of a security risk linked to a data breach in a third-party Salesforce system. The breach, first reported in June, has widened in scope and could expose a large number of accounts to phishing attempts. Google has urged users to remain cautious of suspicious emails and phishing campaigns. The company has also issued a separate warning advising most Gmail users to change their passwords to reduce the risk of unauthorized access.

Google has issued an urgent warning to its 2.5 billion Gmail users, advising them to take immediate action to protect their accounts following a significant data breach in a third-party Salesforce system. The breach, first reported in June, has expanded in scope and heightens the risk of phishing attempts, prompting the tech giant to urge heightened vigilance among its users.

The warning comes as Google's Threat Intelligence Group (TAG) detected a wave of phishing attacks that exploit stolen data from the Salesforce breach. The attackers, known as ShinyHunters, have been linked to multiple high-profile breaches of firms like AT&T, Microsoft, Santander, and Ticketmaster. The group is believed to be preparing to escalate their extortion tactics by launching a data leak site (DLS), increasing pressure on victims.

Google has advised users to remain cautious of suspicious emails and phishing campaigns. The company has also issued a separate warning advising most Gmail users to change their passwords to reduce the risk of unauthorized access. According to Google's threat research team, phishing and vishing attacks now account for 37% of successful account takeovers across Google services.

To protect their Gmail accounts, users are encouraged to take the following steps:
1. Set a new, strong password.
2. Set up a non-SMS form of two-factor authentication (2FA).
3. The best solution to secure Gmail is to set up a passkey.
4. Use Google’s Advanced Protection Program.

Google has also advised users to be wary of phone calls from people claiming to be Google support staff, as these are often vishing attempts. The company will never call users unprompted to warn them about a security issue. If users receive such a call, they should simply hang up.

While the data breach does not directly affect Google's systems, the compromised information has been weaponized to fuel more damaging schemes. Users are advised to monitor their accounts closely and strengthen their security measures to reduce the risk of compromise.

References:
[1] https://proton.me/blog/google-data-breach-gmail-warning
[2] https://economictimes.indiatimes.com/news/international/global-trends/us-news-googles-emergency-warning-email-over-2-5-billion-gmail-users-warned-by-google-after-massive-salesforce-data-breach/articleshow/123588612.cms
[3] https://m.economictimes.com/news/international/us/google-issues-urgent-warning-as-2-5-billion-gmail-users-told-to-reset-passwords-after-salesforce-breach-are-your-emails-safe-heres-how-to-protect-yourself/articleshow/123565889.cms