Google breach puts Gmail users at risk: here is how to stay safe and protect your account

MOUNTAIN VIEW, Calif. (WTVF) — Google is urging its 2.5 billion Gmail users to tighten account security following a breach tied to Salesforce that has fueled a wave of phishing and impersonation attacks.

The breach, linked to the hacker group ShinyHunters, exposed business-related Gmail data such as contact lists, company names, and email metadata. While no personal Gmail credentials were stolen, the exposed information has enabled attackers to craft highly convincing phishing emails and phone-based scams, some even spoofing Google’s official 650-area-code lines.

Google says phishing and “vishing” (voice phishing) now account for 37 percent of successful account takeovers across its platforms. By exploiting details from the breach, attackers can impersonate IT departments, vendors, or even Google itself, tricking users into giving up login information.

Google’s response

Google confirmed that the breach originated from a Salesforce database used internally to manage potential advertisers. A limited set of business contact details was exposed, along with OAuth tokens tied to a third-party integration. The company says it has revoked affected tokens, disabled the integration, and notified impacted Google Workspace administrators.

To protect users, Google is recommending several steps:

  • Update your Gmail password regularly and avoid reusing it across accounts.
  • Enable two-factor authentication (preferably app-based or with a passkey rather than SMS codes).
  • Be skeptical of unsolicited messages—Google will never call to request your password.
  • Use Google’s Security Checkup tool to review connected devices and apps.
  • Switch to passkeys, biometric-based login credentials that Google now calls the strongest defense against phishing.

Why it matters

Though consumer Gmail accounts were not directly compromised, the breach underscores how attackers can exploit data leaks from third-party partners to launch more convincing scams. With Gmail as the world’s most popular email service, the platform remains a prime target for hackers.

Cybersecurity experts say users should expect continued phishing campaigns built around the leaked Salesforce data, and Google is encouraging its users to adopt passkeys as the long-term replacement for traditional passwords.

“Unlike passwords, passkeys can only exist on your devices,” the company explained on its security page. “They can’t be written down or accidentally given to a bad actor.”

Google has not announced further updates but continues to monitor for additional threats.

Do you have more information about this story? You can email me at holly.lehren@newschannel5.com.
