Google has released a widespread security advisory to its 2.5 billion Gmail users, urging them to strengthen their account protections after a data breach involving a third-party Salesforce system used by the company.
The breach, which took place in June 2025, has raised alarms about increasingly sophisticated phishing campaigns aimed at a large number of users.
A threat group known as UNC6040, operating under the extortion alias ShinyHunters, managed to infiltrate a Salesforce platform utilized by Google. This system contained contact details and sales notes related to small and medium-sized businesses. According to Google's investigation, the attackers accessed a limited amount of data consisting mostly of basic and publicly available business information such as company names and contact numbers.
Google clarified that the breach did not affect consumer services like Gmail or Google Drive. No passwords or financial data were compromised.
The attackers used a social engineering method called voice phishing, also referred to as "vishing," to gain entry. By pretending to be IT support personnel during phone calls, they tricked an employee into granting them access privileges.
This access enabled the hackers to extract data before Google’s security team detected and blocked their activity. ShinyHunters has previously been linked to breaches at other major corporations including Adidas, Cisco, and LVMH.
Although the stolen data is considered low-risk, cybersecurity experts caution that it could be exploited to create highly convincing phishing and vishing schemes.
Scammers are now using the breach as a pretext to design fraudulent messages that appear credible, luring users into disclosing login credentials or two-factor authentication codes. The group is known for intensifying its attacks by leaking stolen data or using it to extort victims.
Following the breach, Google acted swiftly to contain the incident, assess its impact, and initiate mitigation steps.
On August 5, the company released a public report detailing the breach and the actions of UNC6040. By August 8, Google confirmed that it had completed sending notifications to all individuals directly affected.
In light of the increased threat of follow-up attacks, Google is advising all Gmail users to stay alert and take precautionary steps. Recommended actions include updating passwords, enabling two-factor authentication, and exercising caution when receiving unexpected emails or phone calls that request personal information.