2.5 billion Gmail users are at risk of becoming victims of scams.
A group of hackers has gained access to Google's database and is now attempting to scam Gmail and Google Cloud users.
If you're using Gmail, now is the time to be on high alert. A notorious hacking group called ShinyHunters is believed to have attacked and illegally accessed Google's Salesforce database system, according to a new report from Forbes. The incident has raised serious concerns about the information security of billions of users worldwide.
Google quickly confirmed the attacks, stating that some basic data, including customer and company names, had been leaked. However, the tech giant insisted that user passwords were not compromised. Nevertheless, experts warn that this seemingly "harmless" information could still become valuable material for targeted phishing campaigns.

When personal and business data is exploited, malicious actors can create more legitimate-looking fake emails, tricking users into providing more sensitive information or clicking on links containing malware. This puts not only Gmail accounts, but also other services in the Google ecosystem, such as Google Cloud, at risk of being exploited.
In the context of increasingly sophisticated cyberattacks, Gmail users are advised to carefully check received emails, avoid clicking on suspicious links, and enable two-factor authentication to enhance security. Even if passwords haven't been compromised, the leakage of shared data is enough for cybercriminals to create increasingly convincing and dangerous scams.
How do phishing attacks occur?
The first reports of attacks targeting Gmail and Google Cloud appeared on Reddit, where many users suggested they were directly related to the recent data leak. According to these reports, some victims received fake calls from individuals impersonating Google employees, claiming their accounts had been compromised and needed urgent attention.
The most common phishing scam involves gaining control of Gmail accounts through a "reset" process. Hackers exploit users' panic to trick them into providing verification codes or login information. Once they obtain the password, the attacker immediately changes the security information, locking the account holder out of their own system.

Another technique that experts warn about is exploiting outdated access addresses in storage systems to steal sensitive data or install malware into Google Cloud environments. This type of attack is particularly dangerous for businesses that store large amounts of customer information and critical operational data.
With approximately 2.5 billion Gmail and Google Cloud users worldwide, this threat targets not only large corporations but can easily spread to individual users as well. Hackers can exploit even seemingly simple data to build sophisticated phishing schemes, catching victims off guard. This demonstrates the alarming scale and severity of these attacks.
How can you protect yourself from attacks?
In the face of increasingly sophisticated hacking, proactively protecting personal accounts is more important than ever. Gmail and Google Cloud users need to implement strong defenses to prevent unauthorized access from the outset.
Google now offers several essential security tools and programs. First, Google Security Checkup helps users quickly review the security status of their accounts, automatically detects vulnerabilities, and provides appropriate recommendations.
For those at high risk, such as journalists, politicians, or business administrators, Google recommends joining the Advanced Protection Program. This program adds several safeguards, such as blocking downloads of harmful files and preventing third-party applications from accessing Gmail data without permission.
Another measure being promoted by Google is the use of passkeys instead of traditional passwords. Passkeys help users log in more securely, making them virtually immune to phishing attacks or password cracking.
However, no matter how advanced security technology becomes, it cannot replace user vigilance. Be wary of any calls or emails claiming to be from technical support staff.
Google asserts that they never contact you by phone or email to request password resets or changes to sensitive information. A little vigilance can help you avoid becoming the next victim.


