Google Warns 2.5B Gmail Users to Change Passwords After Major Hack

Google has issued a global security warning to its 2.5 billion Gmail users, urging them to update passwords and enhance security measures following a wave of successful intrusions by hackers. The attacks stem from a June 2025 breach of Google's Salesforce database, which exposed basic business contact information that has been exploited in sophisticated phishing and social engineering campaigns, particularly by the hacker group ShinyHunters. This group has targeted users by impersonating IT support staff through emails and phone calls, a method especially effective in English-speaking countries, to trick victims into handing over credentials and two-factor authentication codes. Google recommends users avoid signing in via unsolicited links, use passkeys like biometrics or PINs for better protection, and remain vigilant against phishing attempts. Despite most users having strong, unique passwords, only about a third regularly update them, leaving many vulnerable. Google has directly notified affected users and warns that ShinyHunters may escalate their tactics by launching a data leak site to pressure victims further.