Hackers have breached a major Google database, putting the accounts of 2.5 billion Gmail users at risk of being hijacked by scammers.
The hacking group known as ShinyHunters broke into a Google database managed through Salesforce’s cloud platform by tricking a Google employee into sharing login credentials in June.
They stole troves of business files, containing company names and customer contact details, but Google does not believe any passwords were taken during the incident.
Now, scammers have been using this data to make fake phone calls and send malicious emails to these customers, attempting to gain access to their Google accounts and private data.
Cybersecurity expert James Knight told the Daily Mail that this hack has the potential to cause major harm to anyone with a Gmail account, as scammers have already begun to impersonate Google employees on the phone.
‘There’s a huge increase in the hacking group trying to gain leverage on this. There’s a lot of vishing – people calling, pretending to be from Google, text messages coming through in order to get people to log in, or get codes to log in,’ Knight explained.
‘If you do get a text message or a voice message from Google, don’t trust it’s from Google. Nine times out of ten, it’s likely not,’ he warned.
Gmail users on social media said that scammers have been making fake calls from 650 area code numbers to trick people into resetting their Gmail passwords.
Google has confirmed that a major database containing the contact information for countless Gmail users was breached in June 2025
Victims who fall for the scam get locked out of their accounts or have their private information and files stolen.
Knight added that some hackers are just trying to force their way into the Gmail addresses they’ve stolen, testing common passwords, such as ‘password’, to gain access to vulnerable accounts.
The digital security expert added that anyone with a Gmail account should immediately check their log-in settings and update their passwords if they use common or weak phrases.
‘First thing, ensure multi-factor authentication is set. Second thing, make sure you’ve got a really strong password that’s unique on that account,’ Knight detailed.
Multi-factor authentication adds another layer of security by sending a secret code to a person’s phone or email when they log into certain sites.
Knight also recommended using passkeys to log into your devices, a new type of security method that takes verifying your identity to the next level.
‘Third thing, do the Google security checkup. That’s a key thing as well, so they can identify the weakest points in their accounts,’ the cyber expert added.
‘Then just be really, really vigilant and aware of any phishing or vishing [voice phishing] attacks. Don’t send out codes, don’t just trust that it is Google calling you,’ he continued.
Cybersecurity expert James Knight urged anyone with a weak or common Gmail password to update their login now
Another tactic being used after the breach is the ‘dangling bucket’ method, where hackers sneak into Google Cloud accounts by finding forgotten or outdated access points, like old web addresses or digital keys that were used to breach data in the past but weren’t properly locked or removed.
Once in, they can steal information or plant harmful malware, taking advantage of these unsecured ‘doors’ to the cloud storage.
Salesforce is used in a number of different ways by companies, including Google. Traditionally, it was used to collect customer information, so they could store it all in one place.
However, it’s evolved into a database that can be used for wider purposes, such as creating detailed user profiles of individuals’ online habits. Google has been using it for their Gmail users, and that’s why there were reportedly 2.5 billion records in the database at the time of the hack.
Knight, a security expert for DigitalWarfare.com, works with companies and government agencies to test their cyber defences.
Organisations hire ‘pen testers’ like Knight to break through their security on purpose to see where they are vulnerable.
‘Google puts a lot of money into their security, and they even purchased a security company many years ago, so it’s surprising that they left this one open, and the hackers gained access to the Salesforce database environment,’ Knight revealed.
‘These email addresses are really golden. These hackers have made themselves a lot of money,’ the pen tester noted.
In an August blog post, Google did not reveal how many customers were affected by the hack, and spokesperson Mark Karayan declined to comment further on the matter.
It’s not clear if Google received a ransom demand from the hackers after the database was breached in June.
ShinyHunters has a reputation of targeting big companies and their cloud-based databases.
‘Hackers are able to take this huge database, try common passwords, and then send codes through, requesting those codes, trying to gain access to accounts. So, people just need to be vigilant as they always should,’ Knight said.
Source link
