Google has issued a global security alert advising its 2.5 billion Gmail users to update their passwords following a data breach involving one of its Salesforce databases.
Though consumer Gmail and Cloud accounts were not directly compromised, the incident has triggered an aggressive wave of phishing and impersonation attacks targeting users across the platform.
Newsweek contacted Google for more information via email outside of normal working hours.
Why It Matters
While the exposed database did not contain passwords or sensitive consumer data, the stolen business contact details have been used in a wave of phishing campaigns that mimic legitimate communications from Google. According to Google’s threat research team, phishing and “vishing”—voice phishing via phone calls—now account for 37 percent of successful account takeovers across Google platforms.
What To Know
The breach involved business contact information such as company and customer names, which hackers have used to craft highly convincing phishing emails and voice-based social engineering scams.
The attacker group behind the breach, identified as ShinyHunters, gained access by impersonating an IT help desk in a call to a Google employee, ultimately deploying malware to extract the database contents, according to a blog post by the tech giant dated August 5.
The breach, which was disclosed publicly the same day, originated from a Salesforce database used internally by Google to manage potential advertisers.
The company said that “only a limited set of basic business contact information used to communicate with potential advertisers” was exposed, not personal Gmail account credentials.
“On August 28, 2025, our investigation confirmed that the actor also compromised OAuth tokens for the ‘Drift Email’ integration,” Google said in a statement that described the breach as confined to Salesforce.
“In response to these findings and to protect our customers, Google identified the impacted users, revoked the specific OAuth tokens granted to the Drift Email application, and disabled the integration functionality between Google Workspace and Salesloft Drift pending further investigation.”
This means that Google temporarily suspended connections between Gmail and Salesforce services to prevent any breaches from potentially spreading further.
Google recommends several steps to mitigate risks for all users. These include updating passwords, enabling non-SMS two-factor authentication, and enrolling in its Advanced Protection Program.
“Unlike passwords, passkeys can only exist on your devices,” Google stated on its official Account Help page. “They can’t be written down or accidentally given to a bad actor.”
Gmail users can also protect themselves by checking for login alerts, enabling phishing detection filters, and avoiding clicking on unsolicited email links. For advanced users, Google’s Advanced Protection Program provides additional tools designed to counter targeted threats.
For more details, users are advised to visit Google’s official security help resources.
What People Are Saying
Google said in a statement on the breach: “We are notifying all impacted Google Workspace administrators. To be clear, there has been no compromise of Google Workspace or Alphabet itself.”
What’s Next
Google has not announced any timeline for further disclosures or technical updates stemming from the breach, but cybersecurity analysts expect continued attacks fueled by the leaked business data. Users are encouraged to switch from passwords to passkeys—biometric-based authentication such as fingerprints or facial recognition—which Google now recommends as the most secure option.