The hacker group ShinyHunters infiltrated one of Google’s corporate Salesforce databases in June 2025. They reportedly tricked an employee into uploading malicious software by impersonating a company’s IT support desk over the phone. The compromised database contained basic and largely public business information, such as company names and contact details.
Google acknowledged the incident, which exposed the personal data of more than 2.5 billion Gmail users, and notified users about the increased risk of phishing attacks. This massive data breach is one of the biggest the tech industry has seen and has led to serious concerns about user safety, phishing attacks, and email scams. Although no passwords were stolen, hackers accessed sensitive contact details, including email addresses, business names, and internal notes. These details might not seem critical at first glance, but they can be used to launch dangerous phishing and impersonation attacks on users and businesses.
This alarming event has been confirmed by both Trend Micro and Proton, who’ve each released detailed reports explaining how the attack happened and how users can protect themselves now.
How Hackers Broke Into Google Systems
According to Trend Micro’s analysis, the attack was not a traditional brute-force hack. Instead, the hackers used social engineering, a method where attackers trick people instead of software. In this instance, a Google employee was duped into approving a malicious application within Salesforce, which Google uses for customer relationship management. Once approved, the app gave the hackers access to internal systems, where they discovered sensitive user and business data in the contact records.
This approach demonstrates how harmful supply chain attacks can be. Even when a system is secure, the vulnerability of one third-party system, such as Salesforce in this instance, can compromise the entire setup. Trend Micro cautions that supply chain attacks are increasingly common because they evade direct defenses by going through a partner or supplier.
Who Is Behind the Breach
The attackers are known as ShinyHunters, a well-known hacker group that has been implicated in prior high-profile data breaches. They often deceive employees into granting them access instead of cracking code.
A second group, called UNC6240, started contacting affected businesses and users after the first attack. These hackers are demanding a ransom in Bitcoin for the data, threatening to post the stolen information on the dark web if they are not paid.
This kind of threat is known as double extortion, in which the attackers steal data and also blackmail their victims. Cybersecurity analyst Alex Cheng writes that organizations such as ShinyHunters are no longer selling data; they are using it to demand that companies pay in silence, and too often, law enforcement is unaware.
Why This Matters Even Without Password Leaks
Although the hackers did not steal any passwords, the leaked information is extremely dangerous. Why? Because they obtained enough personal data to make their scams believable.
Suppose someone sends you an email claiming to be from Google support, citing your full name and details of your business. It would seem legitimate, right? This is how spear-phishing operates: scam messages are tailored with real user data to win the target’s trust and steal more valuable information, such as a login code or bank details.
According to Proton’s report, this breach has already led to a spike in phishing attacks, and Gmail users are being tricked into giving up access to their accounts. Cybersecurity expert Maria Lin notes, “Even if passwords weren’t leaked, email addresses paired with business info create the perfect storm for identity-based scams.”
Phishing and Vishing Attacks Are on the Rise
Since the breach, scammers have launched a new wave of phishing emails and vishing calls targeting Gmail users.
- Phishing emails can resemble authentic Google warnings. They frequently alert users about suspicious log-ins and prompt them to click a link to keep their accounts secure. These links lead to spoofed login sites that harvest your credentials.
- Vishing is a phone-based scam. The victim is called by an impostor posing as a Google support agent. The caller sounds credible and asks the user to change his or her password or install counterfeit security software.
Proton’s research found that Gmail account takeovers have jumped by 37% since the data leak. These attacks are more successful now because scammers have real details to use, like your name, company, or even location. The danger is real, and users are encouraged to be very cautious when receiving unexpected emails or calls, even if they appear official.
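The spoofed-login links described above can be caught by checking where a link really goes rather than what it displays. The following is an added example, not part of the original article or any Google tool; the trusted-domain list, function names and sample HTML are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: only this registrable domain counts as Google's.
TRUSTED_DOMAINS = ("google.com",)
ANCHOR_RE = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_URL_RE = re.compile(r"https?://[^\s<]+", re.I)

def real_host(url):
    """Host a browser would connect to, or None if not a usable http(s) URL."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()

def is_trusted(host):
    # Exact match or true subdomain; "google.com.something.example" fails both.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def link_findings(href, shown_text=""):
    """Reasons a link in a 'Google alert' email deserves suspicion ([] if none)."""
    host = real_host(href)
    if host is None:
        return ["no-http-host"]
    reasons = [] if is_trusted(host) else ["untrusted-host"]
    if "@" in urlsplit(href.strip()).netloc:  # text before '@' is not the host
        reasons.append("userinfo-before-host")
    if not host.isascii() or "xn--" in host:  # lookalike letters / punycode
        reasons.append("non-ascii-lookalike")
    shown = SHOWN_URL_RE.search(shown_text)
    if shown and real_host(shown.group()) != host:
        reasons.append("text-href-mismatch")
    return reasons

def scan_email_html(html):
    """Map each flagged href in an HTML body to its findings."""
    found = ((h, link_findings(h, t)) for h, t in ANCHOR_RE.findall(html))
    return {h: r for h, r in found if r}

# Constructed sample body (not a real message); .example hosts are placeholders.
SAMPLE = (
    '<a href="https://accounts.google.com/signin">Review activity</a>'
    '<a href="https://accounts.google.com.verify-login.example/">Secure it</a>'
    '<a href="https://accounts.google.com@login.example/">https://accounts.google.com</a>'
)
```

Calling `scan_email_html(SAMPLE)` flags the second and third links: both start with a genuine-looking Google hostname, but the host the browser actually contacts is the part that ends the name or follows the `@`.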
How Google Responded and What They Recommend
Google formally acknowledged the breach and started notifying impacted users on August 8, 2025. The firm assured users that passwords and payment information were not stolen, but said that contact information was obtained.
In response, Google is urging users to take several important steps:
- Enable Multi-Factor Authentication (MFA): Also known as two-step verification, this adds a second layer of security. Even if someone has your password, they can’t log in without a second code from your phone or app.
- Use Passkeys: These are new, passwordless login options that are resistant to phishing and easier to manage. Passkeys work with fingerprint or face ID on supported devices.
- Run a Security Checkup: Google’s security checkup tool helps users see if their accounts were accessed from unknown locations or devices.
According to Trend Micro, using MFA can prevent over 99% of account hacks, making it one of the most powerful tools for staying safe online.
How You Can Protect Yourself Now
Here are some easy and effective actions you can take today to stay safe:
- Enable Multi-Factor Authentication (MFA): Go to the MFA settings in your Google account and configure it. This means that nobody can sign in to your account without your device.
- Use Strong, Unique Passwords: Do not reuse the same password on other sites. Store your passwords in a password manager, each as a randomized string.
- Watch out for phishing and vishing: When you receive an unsolicited email or phone call from someone who states that they are from Google, do not provide personal information. Leave the message unopened, delete it, and verify through your Google account instead.
- Check Your Gmail Account Activity: Review the latest account activity for any suspicious logins.
- Keep Software Updated: Always keep your apps, phones and computers updated. Updates fix security problems that hackers may exploit.
Final Thoughts
This hack is a definite wake-up call: no user on the internet is completely safe, including users of the largest tech companies in the world. Passwords were not stolen, but the stolen information can be used in harmful ways. Fraudsters now have additional means to deceive people, steal their funds, and take over accounts.
However, there is good news: You can do easy things to protect yourself. You can minimize the threat of being hacked by enabling Multi-Factor Authentication, watching out for unusual emails or phone calls, and frequently monitoring your account activity. Stay alert, stay informed, and use trusted resources like Trend Micro and Proton to stay ahead of cybercriminals.