Google has issued a fresh warning to its 2.5 billion Gmail users after hackers gained access to sensitive account details through a major data breach.
The attack has been linked to the ShinyHunters group, a hacking collective known for targeting global brands including Microsoft, AT&T, Santander, and Ticketmaster. This latest incident stems from a breach of Salesforce’s cloud platform, which exposed Gmail and Google Cloud users to heightened security risks.
How are hackers targeting Gmail users?
Google’s Threat Intelligence Group first raised concerns back in June, revealing that cybercriminals were impersonating IT support staff to trick users into handing over login details. The technique, known as social engineering, has proven especially effective against employees at English-speaking branches of multinational companies.
By August, Google confirmed that there had been several “successful intrusions” where compromised passwords were used to gain access to accounts.
What is ShinyHunters planning next?
In a recent update, Google suggested that ShinyHunters could escalate their campaign by launching a data leak site (DLS) to pressure victims into paying ransoms.
The group, active since 2020 and named after a Pokémon reference, has built a reputation for extortion and high-profile leaks. Google believes this move would mark a significant step-up in tactics following the UNC6040 Salesforce-related breach.
What should Gmail users do now?
Google confirmed that all impacted users were directly notified by email on 8 August 2025, but it is urging every Gmail account holder to strengthen their security immediately.
The company recommends:
- Updating passwords regularly, even if they are strong.
- Enabling two-factor authentication (2FA) to add an extra layer of protection.
- Staying alert to suspicious emails, calls, or login attempts.
While Google data shows most users now use strong, unique passwords, fewer than one-third regularly update them, leaving accounts more vulnerable.
This latest breach highlights the growing sophistication of cybercriminals and the need for constant vigilance online. If you’re a Gmail user, take action now, update your passwords, turn on 2FA, and treat any unexpected communication with caution.
Online Security with Outrank
At Outrank, we understand how important digital security is for both individuals and businesses. From strengthening your online presence to safeguarding your platforms, we’re here to help. If you’d like advice on keeping your business safe online, get in touch with our team today.