The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission.

Google issues warning to billions of Gmail users over password hack

Cyber criminals known as ‘ShinyHunters’ have previously targeted AT&T Wireless, Microsoft, Santander and Ticketmaster

Anthony Cuthbertson

Wednesday 27 August 2025 06:27 BST

Comments

Warning sent to billions of Gmail users

Leer en Español

Your support helps us to tell the story

Support Now

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Google has warned Gmail users that a notorious group of hackers is targeting account holders after gaining access to a massive database.

The attacks stem from a breach of Salesforce’s cloud platform that exposed users of Google services to further intrusions.

With around 2.5 billion people using Gmail and Google Cloud, users have been advised to be on high alert to suspicious activity and to take appropriate security action to better protect themselves.

Google’s Threat Intelligence Group first warned of the attacks in June, revealing that threat actors were targeting people through social engineering attacks that involved impersonating IT support staff.

In August, Google confirmed that there had been a number of “successful intrusions” as a result of compromised passwords.

The data breach exposed information that was “basic and largely publicly available business information”, but it was being used to conduct more serious attacks.

“We believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS),” a blog post by Google Threat Intelligence Group noted.

“These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches.”

The method of impersonating IT support personnel via telephone calls has proven “particularly effective in tricking employees”, according to Google, with victims often coming from English-speaking branches of multinational corporations.

Google said it notified all users impacted by the incident via email on 8 August.

ShinyHunters, which appears to take its name from the Pokemon franchise, first formed in 2020 and has been linked to several high-profile data breaches.

Victims have included AT&T Wireless, Microsoft, Santander and Ticketmaster.

Google advises users to regularly update their passwords and to use extra security measures like two-factor authentication.

Data from Google shows that the majority of users have unique or strong passwords, however only a third of them regularly update their passwords.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Stay up to date with notifications from The Independent

Thank you for registering

Google issues warning to billions of Gmail users over password hack

Cyber criminals known as ‘ShinyHunters’ have previously targeted AT&T Wireless, Microsoft, Santander and Ticketmaster

Join our commenting forum

Thank you for registering