Google Warns 2.5 Billion Gmail Users After Salesforce Data Breach

Google has issued an urgent alert to all 2.5 billion Gmail users following a data breach connected to the company’s Salesforce cloud platform. The warning comes as concerns grow over rising phishing and vishing attacks using stolen contact information.

Google confirmed that no Gmail passwords or core systems were compromised. However, the breach, linked to the hacking group ShinyHunters, exposed business email addresses and contact details. Even basic information could now be exploited to create convincing phishing schemes.

Reports indicate the breach began in June, when attackers impersonated IT support to trick an employee into installing malware on Salesforce systems. By August, Google had confirmed several successful intrusions and started notifying affected users on August 8.

In response, Google urges all Gmail users to take immediate steps to protect their accounts: change passwords, enable two-factor authentication (2FA) or passkeys, and consider enrolling in the Advanced Protection Program. Users should also review linked devices and app permissions through Google’s Security Checkup.

This alert is one of the largest in Google’s history and highlights how interconnected digital systems can increase security risks, even when main services remain secure.