Date: August 27, 2025

Overview
Google is confronting one of the most serious security incidents in its history: a breach of its Salesforce-managed corporate database, reportedly orchestrated by the cybercriminal group ShinyHunters, has put approximately 2.5 billion Gmail users in jeopardy

Trend Micro News
The Independent

1.⁠ ⁠What Happened?

Hackers exploited Google’s Salesforce environment—used to manage business contacts—through sophisticated social engineering tactics. These involved impersonating IT support staff and tricking employees into granting access. Although no passwords or financial data were compromised, exposed data included company names and contact details, which are being used in phishing and voice-scam (vishing) campaigns
Fox News
News.com.au
Malwarebytes

2.⁠ ⁠Who’s Behind the Attack?

The intrusion has been linked to the notorious threat actor ShinyHunters, also identified as UNC6040/UNC6395. This group has orchestrated prior data leaks affecting major organizations like AT&T, Microsoft, Qantas, and Louis Vuitton
News.com.au
The Hacker News
BleepingComputer

3.⁠ ⁠How You Could Be Targeted

Cybercriminals are weaponizing the stolen data to launch targeted phishing and vishing campaigns. This includes impersonating Google staff via phone calls—often from a spoofed “650” area code—urging users to reset passwords or disclose login credentials
The Economic Times
The Times of India
New York Post

4.⁠ ⁠Google’s Recommendations

In response, Google is urging users to:

Change passwords and adopt strong, unique credentials.
Enable two-factor authentication (2FA)—preferably non-SMS methods.
Consider passkeys and enroll in Google’s Advanced Protection Program for more robust defense
New York Post
+1
Proton

5.⁠ ⁠Broader Industry Impact

This breach is part of a broader wave of Salesforce-targeted attacks, in which stolen OAuth tokens and compromised third-party tools like Salesloft Drift have facilitated unauthorized access to CRM systems across multiple organizations
The Register
The Hacker News
Cybersecurity Dive

Why This Matters

Even when data appears “non-sensitive,” access to business contact information can severely compromise user trust and safety. Credential theft and social engineering remain potent tools for criminals, especially against large platforms like Google.

What You Can Do (Summary)
Action Recommended Steps
Secure Your Account Update your Gmail password; use a strong, unique one.
Enable 2FA Use authenticator apps or hardware tokens, not SMS.
Stay Alert Don’t respond to unsolicited calls or emails claiming to be from Google. Verify using official channels only.
Advanced Protection Consider enrolling in Google’s program or adopting passkeys for enhanced security.
Stay Informed Keep abreast of updates from Google and trusted cybersecurity sources.