Google issues warning to 2.5 billion Gmail users — change your password right now

News
By published

Protect yourself ASAP

A smartphone with the Gmail logo on it, being held by a hand, in front of a Google background
(Image credit: Shutterstock)

Millions of Gmail users are being warned to change their passwords after the ShinyHunters attack struck Google's Salesforce database in June. Though that breach did not expose user information – only basic and largely publicly available business information, according to Google – it still leaves regular Gmail customers open to phishing and social engineering attacks. ShinyHunters has been particularly successful in vishing attacks where it makes a phone call impersonating IT staff in order to deceive a caller into revealing their login credentials.

Google has advised Gmail users to be on alert as it feels that the hacking group may be preparing to escalate their efforts to launch a data leak site (DLS). Those who may have been affected by the incident should have received an email. According to a Reddit post, Gmail users are now being targeted in vishing attacks coming from phone numbers with a 650 area code.

How to stay safe from phishing attacks

A smartphone with the Gmail logo on it resting on top of a computer keyboard.

(Image credit: Shutterstock)

Google has encouraged users to change their passwords, and has sent out emails to users to remind them to do so. The company is also encouraging users to enable two-factor authentication whenever possible. It's advisable to take this time to make sure that all your security questions and back up information like emails and phone numbers are up-to-date as well, so that you have an accurate way to recover your account if necessary.

Next, make sure you’ve taken all the steps possible to keep your Google accounts safe against any unauthorized access. Check out Google’s Security Checkup for recommendations on your account security and to automatically identify any vulnerabilities. You can also use Google’s Advanced Protection Program to add an extra later of security to block downloads of any harmful files and to restrict any non-Google apps from accessing your Gmail data.

Additionally, make sure you know all the signs of phishing and vishing, to stay aware and informed. Never click on anything you’re not expecting in an email or text and never give out any personal information over the phone to anyone who randomly calls you. Google will not contact users over the phone to tell them about security breaches, so don't be fooled by these attempts.

Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.

More from Tom's Guide

Amber Bouman
Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.