Google has issued a critical warning to its 2.5 billion Gmail users regarding a security vulnerability tied to a third-party Salesforce system breach earlier this year. Initially reported in June, the breach’s impact has expanded, putting millions of accounts at risk of phishing attempts and unauthorized access.
Google revealed that the breach goes beyond just the Salesforce-Drift integration. It now affects multiple connected systems, widening the scope of the threat. The company has urged users to stay vigilant and avoid falling for phishing scams targeting their accounts.
In an official blog post, Google noted that the threat actor, identified as UNC6395, accessed sensitive information, including AWS access keys and Snowflake tokens, by scanning customer support tickets. This data is especially dangerous because it could enable highly targeted phishing attacks.
The breach is part of a wider security crisis, as experts claim this is the largest password leak to date. Billions of login credentials have been exposed on the dark web, with malware known as infostealers collecting sensitive data from infected devices. This massive leak involves over 30 databases containing millions possibly billions of stolen records.
In response, Google has advised Gmail users to immediately change their passwords and enable two-factor authentication (2FA) for stronger protection. The company also recommends using passkeys for enhanced security. Despite no passwords being directly compromised, users remain at risk of phishing schemes, with hackers impersonating Google employees to trick users into resetting passwords or revealing login credentials.
Also Read Google Pixel 10 vs Nothing Phone 3 vs OnePlus 13: Which Phone Wins?
Google has attributed the breach to the threat group ShinyHunter, known for previous high-profile data breaches, including incidents at Microsoft and Ticketmaster. As part of its response, Google continues to investigate the scope of the breach, urging users to remain cautious of suspicious messages.
Share
Google Pixel 10 vs Nothing Phone 3 vs OnePlus 13: Which Phone Wins?
Why Did Tamannaah Bhatia Thank Biotique’s Vinita Jain
