Google on alert: 2.5 billion Gmail accounts hacked, and how to protect yourself

Google has acknowledged that more than 2.5 billion Gmail accounts were compromised after a cyberattack . The attack, confirmed by the Google Threat Intelligence Group (GTIG), stemmed from a social engineering maneuver targeting employees using Salesforce. While no passwords were leaked, names and contacts associated with users and companies were compromised.

The incident occurred on August 5, 2025, and was attributed to the ShinyHunters group, also identified as UNC6040. The attackers pretended to be technical support and, through phone calls, convinced employees to authorize suspicious access. Using manipulated versions of the Data Loader application, they managed to copy data from the platform.

As detailed Google, the leak particularly affected small and medium-sized businesses that operated Gmail services and Google Cloud integrated with Salesforce. While no passwords or banking credentials were compromised, the scale of the attack makes it one of the largest on record.

The company reported that the criminals initiated extortion attempts. They sent emails and made calls to organizations demanding payments in bitcoin within 72 hours, under threat of publishing the data obtained.

Given this scenario, Google shared basic security recommendations. These include: enabling two-step verification, strengthening passwords with secure combinations, not responding to unfamiliar emails or sharing personal information, and regularly reviewing account activity.

For businesses, it's also advisable to limit user permissions, control connected applications, establish restricted access by IP address, and conduct ongoing training on phishing and digital fraud. It's also recommended to implement automatic alerts to detect mass data downloads or unusual behavior.

The firm noted that it continues to work with Salesforce to strengthen preventative measures and has already notified users and companies affected by the breach.