Google Gmail Data Breach: How To Tell if You've Been Hacked and What to Do
Key indicators of a hack include unauthorised changes to your security settings

Google has reportedly informed 2.5 billion Gmail account holders about a 'successful intrusion' carried out by a password-hacking group.
According to reports, the incident occurred between 8 and 18 August, during a widespread attack that exploited compromised Open Authorisation (OAuth) tokens.
According to the Google Threat Intelligence Group (GTIG), the hackers didn't just target personal accounts; they also went after Salesforce's database of customer information. In light of this, Google has instructed Gmail users to change their passwords and take measures to protect their accounts.
Google Salesforce Data Breach
ShinyHunters (UNC6040) exposed data from 2.5 billion Gmail accounts in a major 2025 leak.
Attack Details:
Breached Salesforce database via employee phishing and social engineering.
Exposed data: business names, contact details, sensitive acc info
— CrawlSec (@CrawlSec_) August 27, 2025
Cybercriminals Target Gmail Account Passwords
Google notified the affected Gmail users via email. The message urged them to change their passwords immediately and enhance their account security by enabling two-factor authentication (2FA). The company also advised users to be vigilant for any suspicious activity.
The GTIG stated in a blog post that the same hacking group, known as UNC6395, was behind a large-scale data theft operation aimed at Salesforce's customer data. The breach was made possible by compromised OAuth tokens from the third-party application, Salesloft Drift.
Hackers are exploiting a recent Google database leak to launch phishing and vishing attacks on Gmail and Google Cloud users. Stay alert and protect your account
Learn more here: https://t.co/O4arpoZwab
— Kurt Knutsson (@cyberguy) August 29, 2025
Even with Google's robust security measures, hackers can still gain unauthorised access to your account. The most common methods include using credentials stolen in other data breaches, sending phishing emails, or exploiting malware and insecure Wi-Fi networks. There are several indicators that your Google account might have been compromised.
How to Tell If Your Google Account Is Hacked
Sign 1: Unauthorised Changes to Security Settings
Noticing changes to your security settings that you didn't make is a clear sign your account has been compromised. This could be a new recovery phone number or email, a changed name on the account, or even two-factor authentication being turned off without your knowledge. These are all strong indicators that a hacker has gained control.
Sign 2: Unexplained Activity
If you notice strange activity in your Google products, your account may be compromised. This could include missing or deleted emails, messages you don't remember sending, or videos on your YouTube channel that you didn't upload.
On Google Drive, you might see activity that isn't yours, or discover that your Photos are being shared without your permission. Additionally, Blogger users might see new posts they didn't write. You might notice these issues yourself or be alerted by confused contacts.
Sign 3: Unauthorised Financial Activity
One of the most alarming signs of a compromised account is finding unauthorised financial transactions. This could mean unknown purchases made through Google Pay or new payment methods, such as bank accounts, credit or debit cards, and gift cards, that you didn't add. The same activity can also occur on the Google Play Store.
Sign 4: You Receive an Alert from Google
Google will send security alerts to your recovery phone or email if it detects suspicious activity on your account. These alerts might warn you about a sign-in from a new device, a sudden increase in the number of emails being sent, or a blocked attempt to view your saved passwords. However, be cautious: some scammers send fake security alerts. Always verify the alert's authenticity by checking your Google account directly.
Google suggests taking a series of steps to protect your account.
How to Secure Your Gmail Account
Run a Security Check-up: Go to your Google account, then Settings > Security > Security check-up. Address any issues marked in red or amber.
Change Your Password: Navigate to Security > Password to create a new one. Google recommends a strong, unique password that combines letters, numbers, and special characters.
Enable Two-Factor Authentication (2FA): Go to Security > 2-Step Verification and add a passkey. You can also use an authenticator app to get one-time passcodes (OTPs) to confirm your identity.
Check Your Devices and Active Sessions: Visit Security > Your devices. Sign out of any device you don't recognise or no longer use.
Revoke Third-Party Access: Go to Security > Third-party access and remove any apps you don't trust or need.
Monitor Recent Login Activity: On the Gmail website, click Details in the bottom right corner to view your recent logins.
Be Cautious with Links and Attachments: Never click on a link or file from an email address you don't know. If the email is from a familiar contact, confirm with them on a different platform before clicking anything.
Ultimately, being proactive is the best way to protect yourself online. By regularly checking your security settings and remaining vigilant for suspicious activity, you can significantly reduce your risk and keep your personal data secure.
© Copyright IBTimes 2025. All rights reserved.