Gmail Users Alerted After Salesforce Breach Puts 2.5 Billion at Risk

Google has raised an alarm affecting roughly 2.5 billion Gmail users following what the company describes as one of its largest security incidents. A breach of a corporate Salesforce instance gave access to business names and contact details, along with other data, which Google says was “basic and largely publicly available” in nature.
No passwords or personal Gmail or Google Cloud user data were taken during the intrusion.
Still, the fallout has triggered a surge in phishing and vishing attacks.
Scammers are impersonating Google staff via calls, texts, or emails, sometimes from numbers with a Silicon Valley area code, urging users to reset passwords or share login codes.
Google warned that “threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics”.
This group, also known by the designation UNC6040, has targeted high-profile firms in the past and is now behind the Salesforce-based incident.
To protect users, Google has advised the following steps:
- Run the Security Checkup in your Google Account to review recovery details and recently signed-in devices.
- Enable two-factor authentication or, better yet, use passkeys or Google Prompts.
- Do not trust unsolicited calls or emails claiming to be from Google about security issues.
- Beware of “dangling bucket” attacks, where older cloud storage endpoints are targeted for malware injection or data theft.
This breach underscores how even limited corporate data exposure can quickly enable broader cyber threats.
Google’s internal response included containment efforts and notification of affected users around August 8.