Google Warns 2.5B Gmail Users to Reset Passwords Following Salesforce Data Breach
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Google has issued a broad security alert to its 2.5 billion Gmail users, advising them to enhance their account security in the wake of a data breach involving one of the company\u2019s third-party Salesforce systems<\/a>.<\/p>\n The incident, which occurred in June 2025, has escalated concerns over sophisticated phishing campaigns targeting a massive user base.<\/p>\n In June, a threat group identified as UNC6040<\/a>, also known by its extortion brand ShinyHunters, successfully infiltrated a corporate Salesforce instance used by Google. This system stored contact information and sales notes for small and medium-sized businesses.<\/p>\n According to Google\u2019s analysis, the threat actor accessed and retrieved a limited set of data containing basic, largely public business information like company names and contact details.<\/p>\n Google has emphasized that the breach did not compromise consumer products like Gmail or Google Drive and that no passwords or financial data were exposed.<\/p>\n The attackers employed a social engineering<\/a> tactic known as voice phishing, or \u201cvishing,\u201d to gain initial access. By impersonating IT support staff over the phone, they deceived an employee into granting them system privileges.<\/p>\n This allowed the hackers to exfiltrate data before their access was discovered and terminated by Google\u2019s security teams. ShinyHunters is a well-known group linked to recent breaches at other major companies, including Adidas, Cisco, and LVMH.<\/p>\n While the stolen data itself is considered low-risk, security experts warn that it can be weaponized to create highly convincing phishing and vishing attacks.<\/p>\n Attackers are leveraging the news of the breach to craft scams that appear legitimate, tricking users into revealing their login credentials or two-factor authentication (2FA) codes. The threat group is known for escalating its tactics by leaking data or using it for extortion to pressure victims.<\/p>\n In response to the incident, Google promptly contained the breach, conducted an impact analysis, and began mitigation efforts.<\/p>\n On August 5, the company publicly detailed the event and the activities of UNC6040. By August 8, Google confirmed<\/a> it had completed sending email notifications to all parties directly affected by the breach.<\/p>\n Given the heightened risk of follow-on attacks, Google is urging all Gmail users to remain vigilant and take proactive security measures. The company strongly recommends updating passwords, enabling two-factor authentication, and being wary of unsolicited emails or calls requesting personal information.<\/p>\n Find this Story Interesting! Follow us on Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>.<\/p>\n The post Google Warns 2.5B Gmail Users to Reset Passwords Following Salesforce Data Breach<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n