Google has urged all Gmail users to remain vigilant following a major cybersecurity alert tied to a Salesforce breach that exposed billions of users’ data to potential attacks.
The company stressed that its own systems remain secure but warned that hackers are now exploiting stolen information from third-party platforms to launch sophisticated attacks. Gmail, which serves more than 2.5 billion users worldwide, has been flagged as particularly at risk.
According to Google’s Threat Analysis Group (TAG), the first signs of malicious activity were detected in June, involving a hacking group known as ShinyHunters. The attackers employed social engineering tactics, often impersonating IT support staff in a method called “vishing” (voice phishing), to trick employees into revealing sensitive information. By August, several “successful intrusions” had been confirmed using compromised credentials.
While the stolen Salesforce data was largely basic business information, Google warned that the cybercriminals could now use it to escalate extortion and targeted attacks. TAG noted that the ShinyHunters may be planning to launch a data leak site (DLS) to further pressure victims affected by the UNC6040 Salesforce-related breaches.
Who Are ShinyHunters?
ShinyHunters first appeared in 2020, quickly gaining notoriety for hacking major organizations including AT\&T Wireless, Microsoft, Santander, and Ticketmaster. The group specializes in large-scale data theft, selling or leaking information on underground forums, and extorting companies by threatening public release of sensitive information. They have also been linked to breaches at Tokopedia, Mashable, and Wattpad, among others.
Cybersecurity experts describe ShinyHunters as persistent, globally active, and highly dangerous due to the volume of data they have compromised.
Steps Gmail Users Should Take
Google advised Gmail users to take immediate action to protect their accounts:
- Update passwords regularly: Ensure all accounts have strong, unique passwords.
- Enable two-factor authentication (2FA): This adds an extra layer of security against unauthorized access.
- Monitor accounts for suspicious activity: Keep an eye on login alerts and unusual behavior.
Although most Gmail users already maintain strong credentials, TAG noted that only about one-third update their passwords regularly, leaving many accounts vulnerable. Combining strong passwords with 2FA and routine updates can significantly reduce the risk of falling victim to attacks linked to the ShinyHunters.
Google formally notified all impacted users via email on August 8, urging them to strengthen security practices immediately.
