Google Security Alert: 2.5 Billion Gmail Users at Risk
Google Security Alert: The world’s largest email platform, Gmail, is facing a massive cyberattack. Google has recently issued a warning to more than 2.5 billion users, alerting them that hackers are using highly dangerous techniques to gain access to their accounts. This warning has been issued by Google’s Customer Security division following a major breach in cloud services like Salesforce. The attack not only threatens Gmail users but also puts several Google Cloud users at risk.
How Are the Attacks Happening? Social Engineering Used to Steal Passwords
Google’s Threat Intelligence team had already issued a warning in June 2025, stating that hackers are relying on social engineering techniques. This means attackers pose as IT support staff and trick users into revealing their passwords and other critical details over phone calls. The stolen data is then exploited to launch large-scale cyberattacks.
The attack originated with a breach of OAuth tokens in Salesforce’s cloud platform. OAuth tokens act as temporary permissions that allow applications to access user services without requiring a password. Once exploited, these tokens put several accounts at immediate risk.
Infamous Hacker Group ‘ShinyHunters’ Suspected
Google has identified the notorious hacker group ‘ShinyHunters’ as being behind this cyberattack. Formed in 2020, this group is linked to several major cybercrimes. ShinyHunters has previously targeted companies like AT&T, Microsoft, Santander, and Ticketmaster.
Reports suggest that the group is preparing to launch a new data leak site, which could be used to pressure companies and individuals. This indicates that the motive goes beyond data theft, extending to large-scale fraud and blackmail.
AI Is Powering the New Wave of Attacks
A fresh challenge has emerged as hackers are now using AI-powered phishing and voice phishing (vishing) strategies. With AI, attackers can generate highly convincing messages and calls. For example, AI-generated voices have been used to inform users that their account is at risk and urge them to share passwords or OTPs immediately.
These AI-driven alerts sound so authentic that users often mistake them for official Google warnings. In some cases, technologies like Gemini AI Assistant have been exploited to create fake system notifications, further deceiving users.
Google’s Security Advice: How Users Can Stay Safe
Given the seriousness of the threat, Google has issued essential safety measures that all users should follow:
- Use strong and unique passwords: Each account should have a separate, complex password.
- Change passwords regularly: Updating passwords frequently helps minimise risks from old breaches.
- Enable Two-Factor Authentication (2FA): Use hardware tokens or app-based 2FA for stronger protection.
- Be cautious of suspicious calls and emails: Never click on links from unknown sources. Always verify directly via Google’s security settings.
- Adopt passkeys: Google’s new passkey method offers a safer alternative to traditional passwords.
- Perform regular security checks: Use Google Security Checkup and review recent account activity.
Beware of Fake Google Security Alerts
Cybercriminals are also creating fake websites and emails that mimic official Google security alerts. These fraudulent notifications often carry alarming titles like “Urgent Security” or “Suspicious Activity” to push users into clicking links.
Once clicked, these links redirect to phishing pages designed to look like genuine Google sites but are meant to steal passwords and personal information. Some even install malware that can compromise the entire device.
According to Google, only about 36% of users regularly change their passwords, making the risk even more severe.
Expert Opinion on Cybersecurity
Cyber experts highlight that Gmail is no longer just an email service but an integral part of our digital identity. It safeguards personal, professional, social media, and banking details. If a Gmail account is compromised, the security of all linked services comes under threat.
They warn that AI-powered hacking attempts are becoming increasingly sophisticated, making it vital for users to remain extra vigilant. Any suspicious email or call should be ignored, and users should instead log in directly to their official Google account to verify activity.
Conclusion
Google’s latest warning and expert recommendations serve as a strong reminder for users to take digital security seriously. For over 2.5 billion Gmail users, this alert is a critical one — account breaches could cause not just personal damage but also fuel the operations of organised cybercriminal groups.
Users are strongly advised to follow Google’s safety guidelines, enable two-factor authentication, update their passwords regularly, and remain alert to suspicious activity. With AI-driven scams on the rise, improving personal digital habits is now more important than ever.
Recognising the gravity of this security threat, every individual must exercise full caution to protect their digital life and data from these growing dangers.
Also Read
