Google has issued an urgent warning to all Gmail users after a major third-party breach exposed billions of individuals to potential cyberattacks, Geek Spin reports. While Google says its own systems remain secure, the incident shows how stolen data from other platforms can be exploited to target Gmail accounts.
The alert follows a breach of Salesforce’s cloud platform, which has left users of Google services more vulnerable to attacks.
According to a Google Cloud blog post, Google’s Threat Intelligence Group (GTIG) first spotted these attacks in June. Hackers used social engineering tactics, such as posing as IT support staff, to trick users into sharing their login credentials. By August, the attackers had already carried out multiple “successful intrusions” using accessed passwords, Geek Spin reports.
While the stolen information was initially considered “basic and largely publicly available business data,” Google warned that it is now being used for more damaging purposes. The GTIG noted in the post, “We believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS). These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches. We continue to monitor this actor and will provide updates as appropriate.”
According to Geek Spin, the attacks have mainly involved “vishing,” where scammers impersonate IT personnel over the phone. Google said this approach has been especially effective in targeting employees at English-speaking branches of global organizations. Users affected by the breach were notified directly by Google via email on Aug. 8, the outlet reports.
In separate incidents, Google Cloud customers are being subjected to dangling bucket attacks, where hackers can hijack deleted Cloud Storage bucket names to inject malware or steal customer data, per Fox News.
With Gmail and Google Cloud serving roughly 2.5 billion people worldwide, Google is urging users to stay vigilant, monitor their accounts, and take extra steps to protect sensitive information, according to the outlet. Users are advised to avoid clicking unrecognizable links, update passwords regularly, enable two-factor authentication (2FA), keep devices updated, and watch for suspicious activity.
While most users have strong, unique passwords, only about one-third change them regularly, Geek Spin notes. It shares that combining strong passwords with 2FA and ongoing vigilance can greatly reduce the risk of cyberattacks like those linked to ShinyHunters.
