December 5, 2025

Due to the Google Attack, All 2.5 Billion Gmail Users are at Risk from a Dark Criminal Outfit

daksh kataria August 23, 2025 0
A person holding a phone displaying the Gmail logo, with a red banner warning about a Google attack affecting 2.5 billion users.
Post Views: 305

Google Attack Puts 2.5 Billion Gmail Users at Risk from Criminal Hackers

To steal logins, hackers are increasingly calling people pretending to be Google employees.

Due to a significant Google security breach that exposed 2.5 billion accounts to hackers, GMAIL users worldwide are being cautioned to take immediate action.  Hackers deceived an employee into disclosing login credentials during a June cyberattack connected to Google’s use of Salesforce’s cloud platform.

Since scammers acted swiftly to take advantage of the stolen data, the hack has shocked the UK and the rest of the world.  Large files containing client contact information and corporate names were successfully stolen by the infamous hacker group ShinyHunters.

Although Google claims that no credentials were stolen, experts caution that fraudsters don’t need them to cause havoc.  The stolen data is already being used by cybercriminals to pose as Google employees.

Fake phone calls, suspicious emails, and text messages requesting that victims provide login credentials or change their passwords are being sent to them in droves.

This Image Shows gmail data breach

“There’s a huge increase in the hacking group trying to gain leverage on this,” stated cybersecurity expert James Knight.  Vishing is very common; scammers call, pose as Google, or send texts to trick people into logging in or providing codes to do so.

“Do not believe that a voicemail or text message you get from Google is from Google.  Most of the time, it probably isn’t.”  Social media users report that scammers even pose as legitimate callers by using numbers with the US 650 area code.

People who fall for it lose access to their own Gmail accounts.  Private information, images, and sensitive files are lost to others.  Knight cautioned that hackers are also attempting to gain access using basic brute-force techniques.  Some are trying to get fortunate with thoughtless users by testing weak passwords like “password.”

“Make sure multi-factor authentication is enabled first,” he continued.  Secondly, ensure that the password you use for that account is strong and distinct.

With multi-factor authentication, each time you log in, a secret code is delivered to your email or phone.  It makes account hijacking considerably simpler.

Additionally, Knight advised Gmail users to finish a Google Security Checkup, a free service that identifies account vulnerabilities.  He suggested employing “passkeys,” a more recent kind of identity verification that is more difficult for hackers to get around.

The so-called “dangling bucket” tactic is another danger that was discovered following the hack.

This involves taking advantage of outdated or forgotten digital access points in Google Cloud accounts, providing hackers with a covert entry point to steal data or infect computers with malware.  Additionally, the hack has raised concerns about Google’s security.

Salesforce, a popular database system that can create comprehensive profiles of individuals’ online activities, was first used to store customer data.  Because Google’s Gmail services depend on Salesforce, a large amount of data was made public when the system was breached.

Knight, who tests businesses’ and government organizations’ cyber defenses, expressed surprise that Google left this specific flaw unfixed.

How to protect yourself?
To automatically find vulnerabilities and get account security advice, use Google’s Security Checkup.

Google’s Advanced Protection Program can be activated to:

●        Stop possibly dangerous file downloads.

●        Limit the access that non-Google apps have to Gmail data.

●        For better defense against phishing and hacking efforts, use passkeys rather than passwords.

●        Stay vigilant:  Anyone who cannot prove their identity as a support worker should be taken with a grain of salt.

●        Remember:  When you need to modify your account information or reset your password, Google staff will never call or email you.

 

“Google puts a lot of money into their security, and they even purchased a security company many years ago, so it’s surprising that they left this one open, and the hackers gained access to the Salesforce database environment,” he said.  “These email addresses are really golden,” he continued.  These hackers have amassed substantial wealth.

Google has declined to disclose the precise number of compromised accounts, despite the extent of the hack.  The computer company acknowledged the attack in a blog post in August, although it did not provide any numbers.  It’s unclear if the business was the target of a ransom demand, and spokesman Mark Karayan declined to say further.

This image shows Google Attack on gmail data breach

The gang responsible for the hack, ShinyHunters, has a reputation for going after some of the largest companies globally.  Their area of expertise is breaking into cloud-based databases and selling stolen data online.

Knight cautioned that the threat is far from over: “Hackers can use this massive database to try popular passwords and then send codes, requesting those codes, and attempting to access accounts.” Therefore, people should always be on the lookout.

Chrome and Android flaws patched

Google is now advising customers to apply the most recent Chrome and Android upgrades right away in response to a number of recent security incidents.

A high-severity problem in ANGLE, the graphics engine used by Chrome, is one of several vulnerabilities that have been fixed in the latest Stable Channel version.  If left unpatched, this vulnerability could be used by a malicious website to manipulate memory in ways that compromise device security.

Additionally, two medium-risk problems have been resolved in the File Picker and the Aura interface layer of Chrome.  Google’s August patch for Android addresses a number of serious “no-touch” flaws.

The most dangerous vulnerability, CVE-2025-48530, is a remote code execution vulnerability that can let hackers take control of a device without the user having to do anything.  Two further flaws, CVE-2025-22441 and CVE-2025-48533, are particularly hazardous because they also don’t require interaction.

Despite the fact that none of these vulnerabilities are being used at the moment, Google has taken swift action to close the gaps.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space.  Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.

Read More:

c0c0n Security and Hacking Conference 2025

About Author

daksh kataria

See author's posts

More Stories

265M Cyber Attacks in India Recorded by Seqrite — New Ransomware Recovery Tools Announced

265M cyber attacks in India recorded by Seqrite, reported, and new Ransomware Recovery tools

daksh kataria December 5, 2025 0
RTO E-Challan Scam: Fraudsters Drain Bank Accounts Using Fake APK Files

GPS Spoofing of Flights Reported at Important Airports like Delhi, Mumbai, Chennai: Centre tells RS

daksh kataria December 3, 2025 0
Image Shows chatgpt hacked names email addresses revealed

ChatGPT Hacked: Names, Email Addresses Revealed; AI Chatbot Responds to Users

daksh kataria November 28, 2025 0

Leave a Reply

Your email address will not be published. Required fields are marked *

You may have missed

Cybersecurity-themed banner showing a person typing on a keyboard with icons of a password, lock, and shield, highlighting the five major threats that transformed web security in 2025.

5 Threats That Reshaped Web Security in 2025

daksh kataria December 5, 2025 0
265M Cyber Attacks in India Recorded by Seqrite — New Ransomware Recovery Tools Announced

265M cyber attacks in India recorded by Seqrite, reported, and new Ransomware Recovery tools

daksh kataria December 5, 2025 0
RTO E-Challan Scam: Fraudsters Drain Bank Accounts Using Fake APK Files

GPS Spoofing of Flights Reported at Important Airports like Delhi, Mumbai, Chennai: Centre tells RS

daksh kataria December 3, 2025 0
A smartphone screen displaying a fake RTO e-challan payment alert with a “Pay Now” button, indicating an online scam involving malicious APK files.

RTO E-Challan Scam: Fraudsters Drain Bank Accounts within Moments with Fake APK Files

daksh kataria December 3, 2025 0
sanchar-saathi -functions

Sanchar Saathi App: How it Functions, Key Features, Highlights, and Installation Permissions

daksh kataria December 3, 2025 0
en_USEnglish
en_USEnglish