A massive data breach tied to Google’s use of Salesforce has put 2.5 billion Gmail users at heightened risk of phishing and scam attacks. Although no passwords were stolen, cybercriminals are now exploiting the exposed information to target users with sophisticated fraud tactics.
In June, hacker collective ShinyHunters (also known as UNC6040) gained unauthorized access to a Google-managed Salesforce instance by tricking an employee into granting access. The breach exposed business names, contact details, and email addresses—information that, while not highly sensitive, can be weaponized for phishing, impersonation, and vishing campaigns.
Google disclosed the breach publicly in early August and began notifying affected users around August 8, urging them to update security measures.
Since the breach, victims have reported receiving phone calls and texts impersonating Google employees—often using 650 area code numbers, purportedly linked to Google—pressuring users to share login codes or reset credentials.
Many of these scams rely on urgency and impersonation. Cybersecurity experts warn users never to trust unsolicited security messages that demand immediate action or ask for credentials.
To safeguard your Gmail account:
- Update your password immediately—choose strong, unique credentials not reused across platforms.
- Enable two-factor authentication (2FA) or switch to passkeys, which are more resistant to phishing.
- Run a Google Security Checkup to identify vulnerabilities and tighten account access.
- Stay vigilant toward suspicious emails and calls. Always verify the source and refrain from clicking on links or sharing codes.
While Google confirms no consumer passwords or sensitive personal data were compromised, the exposed contact information enables attackers to craft highly convincing scams.
Individuals face the risk of account hijacking, identity theft, and unauthorized access to private communications or linked services. Businesses, too, may suffer from compromised employee accounts leading to broader data breaches or operational disruption.
This breach serves as a reminder: even partial data exposure can be weaponized through deception tactics. While Google has taken steps to contain the fallout, users must act now—by strengthening authentication methods, scrutinizing unexpected communications, and staying informed. Proactive measures are the best defense against evolving cyber threats seeking to exploit trust.
Stay secure, stay alert.