_updates.jpg)
Google has issued an urgent warning to Gmail users worldwide after a cyberattack connected to a Salesforce data breach.
While Google confirmed that its own systems remain secure, the incident has created new risk for scams and credential theft, putting millions of inboxes at risk.
The threat is linked to ShinyHunters, a cybercriminal group known for large scale data breaches.
According to Google’s Threat Analysis Group (TAG), attackers are using information from the Salesforce breach to impersonate IT staff and trick people into giving away passwords.
Google said it first noticed sign of the campaign in June and confirmed in August that some intrusions had already been successful.
Hackers used stolen or weak passwords, along with social engineering tactics, to target organization, especially in English speaking markets.
Although most of the stolen records were described as “basic business information,” Google warned that criminals are now weaponizing the data for scams and extortion schemes.
Google’s Threat Analysis Group (TAG), believes ShinyHunters may soon launch a leak site to pressure victims further.
ShinyHunters is a hacking group that emerged in 2020 and has been linked to breaches affecting Microsoft, AT/ and T, Santander and Ticketmaster.
The group typically steal large sets of personal and corporate data, which are later sold online or used for ransom.
The company said that only about one-third of users regularly change their passwords, a gap that leaves many accounts exposed. Users directly affected by the breach received security notices from Google on August 8, 2025.
With more than 2.5 billion accounts, Gmail remains one of the most frequent targets for cyberattacks.
