Google Urges 2.5 Billion Gmail Users to Change Passwords After Salesforce Data Breach
Google has issued a significant security alert to its 2.5 billion Gmail users, urging them to enhance their account security following a data breach involving one of the company’s third-party Salesforce systems. The incident, which occurred in June 2025, raised concerns over sophisticated phishing campaigns targeting a vast user base. A threat group known as UNC6040, also referred to as ShinyHunters, successfully infiltrated a corporate Salesforce instance used by Google, accessing a limited set of data that included basic, largely public business information such as company names and contact details. Google confirmed that the breach did not compromise consumer products like Gmail or Google Drive, and no passwords or financial data were exposed. The attackers utilised a social engineering tactic known as voice phishing, or “vishing,” to gain initial access by impersonating IT support staff over the phone, deceiving an employee into granting them system privileges.
In response to the breach, Google promptly contained the incident and conducted an impact analysis. On August 5, the company publicly detailed the event and the activities of UNC6040. By August 8, Google confirmed it had completed sending email notifications to all parties directly affected by the breach. Security experts warned that while the stolen data is considered low-risk, it could be weaponised to create convincing phishing and vishing attacks. Attackers are leveraging the breach news to craft scams that appear legitimate, tricking users into revealing their login credentials or two-factor authentication (2FA) codes. Given the heightened risk of follow-on attacks, Google strongly recommends that all Gmail users update their passwords, enable two-factor authentication, and remain vigilant against unsolicited emails or calls requesting personal information.
Categories: Data Breach, Phishing Attacks, Account Security
Tags: Google, Gmail, Security, Data Breach, Salesforce, Phishing, Vishing, Two-Factor Authentication, UNC6040, Mitigation