Google warns Gmail users of hacker attacks after Salesforce breach

Google has issued a stark warning to its 2.5 billion Gmail and Google Cloud users following a major data breach that hackers are now exploiting.

The attacks trace back to Salesforce’s cloud platform, which exposed basic but valuable business information now being used for serious cyber intrusions. Google’s Threat Intelligence Group (TAG) has confirmed that the notorious hacker collective “ShinyHunters” is behind the surge in attacks.

In June, Google first revealed that threat actors were targeting victims through sophisticated social engineering schemes, including impersonating IT staff. By August, Google reported multiple successful breaches caused by compromised passwords.

The hacking group is believed to be planning a data leak site to pressure victims further. “These tactics are intended to escalate extortion,” TAG warned, citing connections to the UNC6040-linked Salesforce breach.

ShinyHunters, formed in 2020 and named after a Pokémon reference, has a record of breaching high-profile companies, including AT&T, Microsoft, Santander and Ticketmaster. Google said all affected users were notified by email on 8 August.

One particularly effective method involves hackers posing as IT support over phone calls, often targeting English-speaking employees of multinational corporations. Experts say this simple but convincing technique has tricked many workers.

Google urges users to take immediate precautions, including updating passwords regularly and activating two-factor authentication. Despite most users having strong credentials, only a third regularly change their passwords, leaving accounts vulnerable.

The attack demonstrates the growing sophistication of hacker groups and highlights the urgent need for robust digital security measures worldwide.