
Google Data Breach Puts 2.5 Billion Gmail Users at Risk of Phishing


Google has confirmed a security incident that exposed the contact information of millions of Gmail users after hackers breached its Salesforce CRM platform. The company said around 2.5 billion Gmail accounts were notified about the issue, making it one of the largest security warnings in its history. 

While no passwords or payment data were leaked, the stolen details are now fueling large-scale phishing and vishing scams. The attack was carried out by the notorious hacker group ShinyHunters. Find out more about the incident and what you can do to protect your Gmail account below:

How the Breach Happened

In June 2025, attackers executed a vishing attack and impersonated IT support, causing a Google employee to authorize a malicious Salesforce-connected app. This granted the attackers temporary access to a corporate Salesforce CRM environment, which contained business contact records.

Google clarified that the compromised data included names, companies, and publicly available details, but not Gmail login credentials or financial information. While the company has not disclosed the exact scale of the exposure, the hacker group ShinyHunters claims they have stolen around 2.55 million records in the attack.

Why It’s Still a Serious Threat

Even though sensitive account data wasn’t exposed, the leaked information has already been weaponized in phishing and phone scams. Cybercriminals are:

  • Sending emails that mimic official Google notices, urging recipients to reset their Gmail password.
  • Using spoofed calls from California’s “650” area code to pose as Google staff and pressure users into sharing login codes.

These tactics are highly convincing and have led to successful account takeovers in recent weeks. Google has reminded users that it will never call unexpectedly to request login codes or passwords.

What’s Google’s Response

Google began notifying affected accounts on August 8, 2025, and has since issued global warnings. The company recommends that all Gmail users immediately update their passwords, enable 2FA/MFA, and, where possible, switch to passkeys for phishing-resistant protection.

Its Threat Analysis Group (TAG) is actively monitoring ShinyHunters’ activity, analyzing the group’s phishing infrastructure, and sharing threat intelligence with Salesforce and law enforcement agencies. Google says these efforts are aimed at disrupting ongoing scam campaigns and preventing similar social engineering attacks in the future.


Tips to Protect Your Gmail Account

Here’s what Gmail users must do now:

  • Change your Gmail password to a strong, unique one. Avoid reusing the same password across multiple accounts. A reliable password manager can help generate and securely store complex passwords you won’t need to memorize.
  • Enable 2FA/MFA or passkeys for phishing-resistant security. Two or multi-factor authentication adds an extra layer of protection, and passkeys go further by replacing traditional passwords with cryptographic keys that can’t be phished.
  • Use Google’s Security Checkup to review account activity. This tool lets you see which devices are signed in, update recovery information, and verify recent login attempts to ensure no suspicious activity is missed.
  • Stay alert to unsolicited calls or emails claiming to be from Google. Scammers are spoofing phone numbers and emails that look legitimate. Remember, Google will never call you unexpectedly to request login codes or passwords. 

Final Word

The Google data breach proves that even when passwords aren’t stolen, seemingly harmless data can still be weaponized at massive scale. 

With 2.5 billion Gmail users now facing heightened phishing risks, strengthening account security is more urgent than ever. 

Simple steps like updating passwords, enabling 2FA/MFA, and adopting passkeys can make the difference between staying safe and becoming the next victim of a scam.

Author: Anas Hasan

Date: August 29, 2025


Anas Hassan is a tech geek and cybersecurity enthusiast. He has vast experience in the digital transformation industry. When Anas isn’t blogging, he watches football games.
