Google Issues Emergency Warning for Gmail Users After Salesforce-Linked Data Breach
Google’s Threat Intelligence Group (GTIG) says the attackers are exploiting the breach.
Google has issued an emergency warning to Gmail users following a major third-party data breach connected to Salesforce. The company confirmed that while its own systems remain secure, hackers are now targeting Gmail accounts using information stolen from Salesforce’s cloud platform.
According to Google’s Threat Intelligence Group (GTIG), the attackers are exploiting the breach to launch social engineering campaigns. These tactics aim to trick individuals into giving away sensitive information, making millions of Gmail users vulnerable worldwide.
Hackers Use Social Engineering
The breach first came to light in June when Google identified unusual activity tied to the hacker group known as “ShinyHunters.” The cybercriminals posed as IT support staff to deceive Gmail users into sharing login credentials. By August, they had already carried out several successful intrusions using stolen passwords.
Google explained that while the stolen Salesforce data initially appeared to be harmless business information, it is now being repurposed for more dangerous attacks. Hackers are preparing to escalate their efforts by creating a data leak site to pressure victims and organizations linked to the breach.
Read more: Why Is ‘Trump Dead’ Trending Worldwide? What Happened?
Vishing Attacks on the Rise
One of the most alarming methods used in this campaign is “vishing” — a voice phishing scam. In these cases, hackers impersonate IT personnel over the phone and convince Gmail users to reveal account details.
Google said vishing attempts have been particularly effective against employees working in English-speaking branches of global organizations. On August 8, the company directly notified Gmail users who were impacted by these attacks, warning them to secure their accounts immediately.
New Threats to Google Cloud
The breach has also exposed Google Cloud customers to a different type of attack known as dangling bucket hijacking. In this technique, hackers exploit deleted Cloud Storage bucket names to plant malware or steal valuable information.
Google confirmed that dangling bucket attacks pose a growing risk for companies that rely heavily on cloud-based services. This raises concerns for businesses and individuals alike, given that Gmail and Google Cloud together serve nearly 2.5 billion users worldwide.
Safety Measures for Gmail Users
In response to the threat, Google urged all Gmail users to adopt stronger security practices. The company advised users to:
Avoid clicking suspicious links
Regularly update passwords
Enable two-factor authentication (2FA)
Keep devices and software updated
Closely monitor account activity
Cybersecurity experts warn that while most Gmail users create strong passwords, only about one-third change them regularly. This leaves a wide window for hackers to exploit stolen credentials in long-term attacks.
Global Cybersecurity Concerns
The Salesforce-linked data breach highlights the growing risks faced by Gmail users and other cloud service customers. Security researchers believe the incident reflects a wider trend of cybercriminals targeting third-party platforms to indirectly access larger networks.
Google said it continues to monitor ShinyHunters and other groups connected to the breach. The company promised further updates as it works to block ongoing attacks and strengthen defenses for its users.
For now, Gmail users worldwide are being urged to remain alert and adopt stricter security measures to avoid falling victim to one of the most widespread cyber threats of the year.
Follow us on Instagram, YouTube, Facebook,, X and TikTok for latest updates
