More than 2.5 billion Gmail users could be at risk following a massive cyberattack that compromised a Google database managed through Salesforce’s cloud platform. The incident, linked to hacker group ShinyHunters, is being described by security experts as one of the largest breaches in Google’s history.
How the Breach Happened
The attack, which began in June 2025, relied on social engineering tactics. According to Google’s Threat Intelligence Group (GTIG), scammers impersonated IT staff during convincing phone calls and persuaded a Google employee to approve a malicious application connected to Salesforce. This gave attackers the ability to exfiltrate contact details, business names, and related notes.
Google has confirmed that no user passwords were stolen, but the stolen data is already being abused. On forums like the Gmail subreddit, users have reported a surge in phishing emails, spoofed phone calls, and fraudulent text messages. Many of these scams impersonate Google staff and trick victims into sharing login codes or resetting their passwords, opening the door to full account takeovers.
What’s at Stake?
While the breach didn’t expose passwords directly, the stolen details give attackers a valuable starting point. By impersonating Google representatives, they can pressure victims into handing over login credentials or sensitive files. Some attackers are also attempting brute-force logins, testing weak or common passwords such as “password” or “123456”.
The consequences are serious: victims could be locked out of their Gmail accounts, lose access to personal documents and photos, or even expose linked financial accounts and business systems.
How Users Can Protect Themselves
- Check if your Gmail has been exposed on the dark web. Use ID Protection’s Data Leak Checker and Dark Web Monitoring to see if your details are circulating and set up ongoing monitoring.
- Strengthen account security by updating your Gmail password. Create a unique, strong password with ID Protection’s free Password Generator, and enable MFA for phishing-resistant logins.
- Use Trend Micro ScamCheck’s call blocking, SMS filtering, and scam check tools to stop scammers before they reach you.
- Verify suspicious emails claiming to be from Google. Scammers may impersonate Google to trick you into handing over login codes. You can upload questionable emails to ScamCheck to confirm whether they are fake.
- Google is encouraging users to switch to passkeys, which use fingerprint or face recognition and are resistant to phishing. In the meantime, run a Google Security Checkup, which reviews account protections and highlights additional safeguards you can activate.
Google’s Response and Track Record
Google began notifying affected users on August 8, 2025, after completing its analysis of the breach. The company emphasized that the compromised data was “largely publicly available business information,” though experts caution that even basic details can be weaponized in targeted scams.
This isn’t the first time Google has been hit by a large-scale incident. Past breaches include the Google+ API leaks (2018), the OAuth-based Gmail phishing scams (2017–2018), and the Gooligan malware campaign (2016). Each incident taught the same lesson: attackers don’t always need passwords to cause significant harm.
ShinyHunters and UNC Groups
The hacking collective ShinyHunters, also tracked as UNC6040, has a history of breaching corporate systems for extortion. Their tactics often involve impersonating IT support to trick employees into approving malicious Salesforce apps. Once inside, they use tools similar to Salesforce’s “Data Loader” to siphon out massive datasets.
In some cases, the stolen information is not monetized immediately. Instead, a related group known as UNC6240 contacts victims months later, demanding bitcoin payments and threatening to leak the stolen data. Security researchers believe the group may be preparing to escalate these extortion efforts by launching a dedicated data leak site.
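For defenders, the pattern described above (a newly approved app followed by a large data pull) can be watched for in audit logs. The following is an added example, not code from Google, Salesforce, or this article: the event schema, app names, allowlist, and thresholds are all constructed assumptions, not Salesforce's real log format.

```python
from datetime import datetime, timedelta

# Constructed audit events in a hypothetical, simplified schema.
EVENTS = [
    {"ts": "2025-06-10T14:02:00", "type": "app_authorized", "user": "alice", "app": "Helpdesk Connector"},
    {"ts": "2025-06-10T14:09:00", "type": "bulk_query", "user": "alice", "app": "Helpdesk Connector", "rows": 180000},
    {"ts": "2025-06-10T14:20:00", "type": "bulk_query", "user": "alice", "app": "Helpdesk Connector", "rows": 95000},
    {"ts": "2025-06-11T09:00:00", "type": "app_authorized", "user": "bob", "app": "Approved Data Loader"},
    {"ts": "2025-06-11T09:30:00", "type": "bulk_query", "user": "bob", "app": "Approved Data Loader", "rows": 400000},
    {"ts": "2025-06-12T10:00:00", "type": "app_authorized", "user": "carol", "app": "Calendar Sync"},
    {"ts": "2025-06-12T10:05:00", "type": "bulk_query", "user": "carol", "app": "Calendar Sync", "rows": 120},
]

APPROVED_APPS = {"Approved Data Loader"}  # apps vetted by the security team (assumed)
WINDOW = timedelta(hours=24)              # how long after authorization to watch (assumed)
ROW_THRESHOLD = 50_000                    # export volume that raises an alert (assumed)


def find_suspicious_exports(events, approved=APPROVED_APPS, window=WINDOW,
                            threshold=ROW_THRESHOLD):
    """Flag (user, app) pairs where an unapproved app is authorized and then
    exports at least `threshold` rows in total within `window`."""
    authorized = {}  # (user, app) -> time the user approved the app
    exported = {}    # (user, app) -> rows pulled inside the watch window
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort lexically
        key = (ev["user"], ev["app"])
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "app_authorized" and ev["app"] not in approved:
            authorized[key] = ts
            exported[key] = 0
        elif ev["type"] == "bulk_query" and key in authorized:
            if ts - authorized[key] <= window:
                exported[key] += ev["rows"]
    return [
        {"user": u, "app": a, "rows": rows,
         "authorized_at": authorized[(u, a)].isoformat()}
        for (u, a), rows in exported.items() if rows >= threshold
    ]


if __name__ == "__main__":
    for alert in find_suspicious_exports(EVENTS):
        print(alert)
```

Approved tools and small syncs stay quiet; only the unvetted app that pulls a large volume shortly after a user approves it is reported.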