Google Hack Exposes 2.5 Billion Users After Salesforce Breach Linked To ShinyHunters

Google has revealed that the hacker group ShinyHunters gained access to its accounts through Salesforce, a cloud-based software provider. The incident may have exposed as many as 2.5 billion Gmail and Google Cloud users worldwide.

How the breach unfolded

Google’s Threat Intelligence Group (GTIG) reported spotting the breach in June and later found evidence of attackers using “overlapping tactics, techniques, and procedures” to infiltrate networks and accounts by August.

ALSO READ: iPhone 17 Pro Vs iPhone 17 Pro Max What To Expect From Apple’s September Launch

Those methods include social engineering — “impersonating IT support reps in phone conversations” — with hackers largely targeting English-speaking users at multinational companies.

According to GTIG, the stolen material was “basic and largely publicly available business information.” However, the group also cautioned that ShinyHunters “may be preparing to escalate their extortion tactics by launching a data leak site … likely intended to increase pressure on victims.”

A pattern of extortion

Google has tracked ShinyHunters’ activity in the past, noting that some of their extortion techniques involved “calls or emails to employees of the victim organisation demanding payment in bitcoin within 72 hours.”

The group has been tied to high-profile breaches of companies including AT&T Wireless, Microsoft, Santander, Ticketmaster, Wattpad, and Mashable. Alongside direct demands, they also sell stolen databases on the dark web.

What you can do now

To strengthen account security, Google recommends the following:

• Update your Google password and make sure it’s unique.
• Use a password manager to generate and store secure credentials.
• Enable two-factor authentication, ideally with a security key or Google Prompt.
• Keep apps, browsers, and operating systems up to date.
• Watch for suspicious messages, emails, or calls that attempt to steal sensitive information.
• Avoid clicking links that request personal data such as passwords or banking details.

Spotting warning signs

Cybersecurity Insiders says potential signs of compromise include sudden password changes, unauthorised updates to personal information, or spam messages being sent from your account.

ALSO READ: Realme 15T India Launch On September 2 With 7000mAh Titan Battery And Dual 50MP AI Cameras

Forbes has also noted that strange financial transactions on Google Pay or Play could signal a problem, while unexpected file sharing on Google Drive may also indicate a breach.

If you suspect your account has been hacked, change your password immediately and run a Google Security Checkup to review unusual activity. Cybersecurity Insiders suggests informing contacts who may have been affected and monitoring your account closely.