Google hack: 2.5 billion Gmail users at risk from scammers – how to protect your account

Hackers called ShinyHunters broke into a major Google database in June by tricking a Google employee into giving login details. The database was managed through Salesforce’s cloud platform, which Google uses to store business and customer information. The hackers stole business files with company names and customer contacts, but Google said no passwords were taken.

Scammers are now using this stolen data to make fake phone calls and send malicious emails, pretending to be Google workers. Cybersecurity expert James Knight told Daily Mail the hack could harm millions, as scammers are already impersonating Google staff on calls. Knight said there is a big rise in "vishing" – fake calls and texts that try to trick users into giving login codes or resetting passwords, as per the Daily Mail report.

Gmail scam calls and fake messages

He warned Gmail users, “If you get a message or call from Google, don’t trust it. 9 times out of 10, it’s fake.” Users on social media said scammers are calling from 650 area code numbers, tricking people into resetting their Gmail passwords. Victims who fall for this scam get locked out of their accounts or lose private files and data.

Knight also revealed some hackers are simply guessing weak passwords like “password” to break into stolen Gmail addresses. He advised Gmail users to update weak passwords immediately and check login settings. Knight’s top security steps are turn on multi-factor authentication (MFA). Use a strong, unique password. Complete the Google Security Checkup. Stay alert to phishing and fake calls, as stated by Daily Mail.

ALSO READ: Did you catch them? 7 unsung Android features quietly unveiled at Pixel 10 launch

How to protect your Gmail account

Multi-factor authentication adds security by sending a code to your phone or email before login. He also suggested using passkeys, a new method that makes logging in more secure. Another hacker trick after the breach is the “dangling bucket” method – sneaking into Google Cloud by exploiting old or forgotten digital keys and web addresses.

Once inside, hackers can steal more data or plant malware in Google’s cloud storage. Salesforce, which Google uses, was originally for customer data storage but now also helps create user profiles of online habits. That is why the hacked Google database held 2.5 billion Gmail records at the time of the breach, as per the Daily Mail report.

Knight, who works at DigitalWarfare.com, tests companies’ cyber defenses and said even though Google invests heavily in security, this gap was left open. He said, “Google even bought a security company years ago, but still hackers managed to enter the Salesforce database.” He added hackers see email addresses as gold, since they can make big money from them.

In August, Google wrote a blog post about the hack but did not reveal the number of affected users. Google spokesperson Mark Karayan also declined to give more details. It is still unclear if Google received a ransom demand from ShinyHunters. ShinyHunters is known for targeting large companies and cloud-based databases. Knight ended by saying, hackers are using the stolen database, trying common passwords, and tricking users for login codes – so Gmail users must stay very vigilant, as per Daily Mail report.

FAQs

Q1. How did hackers steal Gmail user data from Google?
Hackers called ShinyHunters tricked a Google employee and accessed a Salesforce database, stealing business and customer information.

Q2. How can Gmail users protect their accounts after the Google hack?
Users should enable multi-factor authentication, use strong unique passwords, complete Google Security Checkup, and stay alert to phishing calls or emails.