2.5 billion Gmail users at risk of falling victim to scams

If you use Gmail, it's time to be on high alert. A notorious hacker group called ShinyHunters has allegedly breached Google's Salesforce database system and gained unauthorized access, according to a new report from Forbes. The incident has raised serious concerns about the security of billions of users worldwide.

Google quickly confirmed the attacks, saying some basic data, including customer and company names, had been leaked. However, the tech giant insisted that no user passwords were compromised. However, experts warn that this seemingly “harmless” information could still be valuable material for targeted phishing campaigns.

When personal and business data is compromised, bad actors can create more legitimate-looking fake emails that trick users into providing additional sensitive information or clicking on malicious links. This puts not only Gmail accounts at risk, but also other services in the Google ecosystem, such as Google Cloud.

In the context of increasingly sophisticated cyber attacks, Gmail users are advised to carefully check received emails, avoid clicking on strange links and enable two-factor authentication to increase security. Because even if the password has not been exposed, the leaked public data is enough for cybercriminals to create increasingly convincing and dangerous phishing scenarios.

How do phishing attacks work?

The first reports of attacks targeting Gmail and Google Cloud emerged on Reddit, where many users believed they were directly related to the recent data breach. According to the report, some victims received fake calls from people impersonating Google employees, claiming that their accounts had just been compromised and needed urgent attention.

The most common phishing scenario involves taking control of a Gmail account through an “account reset” process. Hackers exploit users’ confusion by tricking them into providing authentication codes or login information. Once they have the password, the attacker immediately changes the security information, locking the account owner out of their own system.

Another technique that experts warn against is exploiting old, outdated access points in storage systems to steal sensitive data or install malware in Google Cloud environments. This type of attack is especially dangerous for businesses that store large amounts of customer information and important operational data.

With around 2.5 billion Gmail and Google Cloud users worldwide, this threat is not only aimed at large corporations but can easily spread to individual users. Hackers can take advantage of even seemingly simple data to build sophisticated phishing scenarios, catching victims off guard. This shows that the scope and severity of the attacks are at an alarming level.

How to protect yourself from attacks?

As hackers become more sophisticated, proactively protecting your personal accounts is more important than ever. Gmail and Google Cloud users need to deploy strong defenses to prevent unauthorized access in the first place.

Google now offers a number of essential security tools and programs. First, Google Security Checkup helps users quickly review the security status of their accounts, automatically detect vulnerabilities, and make appropriate recommendations.

For those at high risk, such as journalists, politicians, or business administrators, Google recommends joining the Advanced Protection Program, which adds additional barriers, such as blocking harmful file downloads and preventing third-party apps from accessing Gmail data without permission.

Another measure being promoted by Google is the use of passkeys instead of traditional passwords. Passkeys help users log in more securely, making them virtually immune to phishing or password guessing attacks.

However, no matter how advanced security technology is, it cannot replace user vigilance. Be cautious of any calls or emails claiming to be from technical support staff.

Google says it will never contact you to reset your password or change sensitive information by phone or email. A little bit of caution can help you avoid becoming the next victim./.