
Google has issued an urgent security warning to its 2.5 billion Gmail users worldwide after discovering a new wave of cyberattacks linked to ShinyHunters, one of the world's most dangerous hacker groups.

The warning, issued Wednesday, follows a breach involving a Google-managed Salesforce database, which sparked a surge in phishing and intrusion attempts targeting Gmail accounts.

The breach did not expose Gmail passwords directly, but Google confirmed that business contact information and associated details were accessed. Cybersecurity experts warn that this data is now being exploited to trick users into revealing sensitive credentials.

Who Are the Hackers Behind It?

The attacks have been linked to ShinyHunters, a hacking group previously associated with major data leaks affecting companies such as AT&T, Microsoft, and Ticketmaster. Cybersecurity experts note that the group has a history of financially motivated intrusions and large-scale breaches.

In its recent advisory, Google's Threat Intelligence team stated that actors using the ShinyHunters name may attempt to escalate their activities by launching a data leak site (DLS), a common tactic to increase pressure on targeted organizations and individuals.

Security researchers warn that if such tactics are employed, the exposure of stolen business contact details could lead to more convincing phishing and extortion campaigns.

How the Attacks Are Happening

Cybersecurity experts report that attackers are deploying various social engineering techniques. Phishing emails resembling genuine Google security alerts have been circulating, directing users to fake login pages designed to capture credentials.

Some users have also reported receiving phone calls—known as vishing—from numbers mimicking Silicon Valley's 650 area code, in an effort to extract verification codes.

Other tactics include credential stuffing, in which previously leaked passwords are tested against Gmail accounts, and attempts to exploit weaknesses in cloud storage configurations.

The combination of stolen contact information and psychological pressure has made these scams more convincing, raising concerns about the scale of potential damage.

Google's Recommended Actions for Users

In response to the threat, Google has urged all Gmail users to take immediate precautions. The company's official guidance includes:

  • Changing Gmail passwords immediately and ensuring they are unique and strong.
  • Enabling two-factor authentication or passkeys to add an extra layer of protection.
  • Using Google's Security Checkup tool to review account activity and connected applications.
  • Remaining vigilant against phishing and vishing attempts, avoiding suspicious links, and refusing to share verification codes over the phone.
  • Updating Google Chrome and Android devices to patch known vulnerabilities that attackers could exploit.

As reported by Forbes, Google has confirmed that only around 36% of users regularly update their passwords, leaving the majority more vulnerable to credential theft. The company has reiterated the importance of acting quickly to minimize risks.

Wider Context and Clarifications

While the breach has alarmed millions of users, Google clarified that no Gmail passwords or personal email content were exposed in the Salesforce-linked incident. Instead, the compromised information included business contacts and associated metadata, which attackers are now exploiting in targeted scams.

In a separate but related event, Google revoked compromised OAuth tokens linked to a third-party application, Salesloft Drift, which affected a limited number of Google Workspace accounts.

Security analysts caution that the overlap of incidents has caused widespread confusion, with some reports incorrectly portraying the situation as a direct Gmail password breach.

Nevertheless, experts stress that the phishing campaign remains a serious threat. Attackers are likely to leverage the credibility of the stolen data to design increasingly persuasive scams, underscoring the need for Gmail users to act without delay.