Google’s Urgent Alert: 2.5 Billion Gmail Users Must Change Passwords Now to Avoid Phishing Scams!

Mountain View, California — Google has issued a global security warning urging its massive user base of 2.5 billion Gmail accounts to change their passwords following a data breach connected to one of its Salesforce databases. Although personal Gmail accounts remained secure, the incident has sparked a surge of phishing and impersonation attempts aimed at users.

The breach did not expose sensitive personal information or passwords. However, cybercriminals have exploited the leaked business contact data to launch sophisticated phishing campaigns masquerading as legitimate communications from Google itself. According to reports from Google’s threat analysis team, phishing and voice-based scams, known as “vishing,” now represent 37% of successful account takeovers on their platforms.

A group labeled ShinyHunters was involved in the attack; it reportedly gained access to the database by impersonating Google IT staff to deceive an employee. The attack unfolded through the installation of malware designed to extract data from the internal database used for advertising management.

As disclosed in Google’s recent updates, the compromised data included basic business contact information. Access to OAuth tokens associated with the “Drift Email” integration was also confirmed, leading Google to revoke those tokens and temporarily disable functionality between Google Workspace and the Drift application to curtail potential further breaches.

To bolster security, Google recommends that users take proactive measures. These include regularly updating passwords, activating two-factor authentication options not dependent on SMS, and enrolling in the company’s Advanced Protection Program tailored for enhanced security. Google emphasizes the importance of passkeys, which use biometric identifiers such as fingerprints or facial recognition, as a more secure alternative to traditional passwords. Unlike passwords, passkeys are device-specific and cannot be easily compromised.

In addition, users are advised to stay vigilant. Google suggests enabling phishing detection and login alerts, and refraining from engaging with unknown email links. For those seeking additional security, the Advanced Protection Program offers tools specifically designed to mitigate targeted threats.

While Google has confirmed that no core services or corporate data were compromised, cybersecurity analysts predict that the leaked business details might continue to fuel ongoing cyberattacks. The company has not provided a timeline for future updates regarding the breach, but users are encouraged to adopt passkey authentication as the optimal security measure moving forward.

For comprehensive guidance on securing accounts, Google’s official resources remain available to users seeking to enhance their cybersecurity practices.