Google has issued a global Gmail data breach alert, asking its 2.5 billion users to change their passwords after a security incident involving one of its Salesforce databases. Personal Gmail and Cloud accounts were not directly hacked, but the breach has triggered a surge in phishing and impersonation attacks targeting users worldwide. Experts warn that users should remain vigilant to avoid falling victim to these scams.
The exposed database did not include passwords or other sensitive consumer data. However, the leaked business contact details have been used in phishing campaigns that imitate official Google communications. Google’s threat team reports that phishing and “vishing,” or voice phishing via phone calls, now account for 37 percent of successful account takeovers across its platforms. Hackers can use this information to send convincing emails or make phone calls that trick recipients into revealing sensitive information or clicking malicious links.
The breach involved business contact information such as company names and customer contacts. Hackers used these details to craft highly convincing phishing emails and voice-based scams. The group behind the attack, identified as ShinyHunters, gained access by impersonating IT help desk staff to a Google employee and deploying malware to extract the database contents. Google confirmed the breach publicly on August 5, 2025, in a blog post. The compromised database was part of Google’s internal Salesforce system used to manage potential advertisers. Google stated that only a limited set of basic business contact information was exposed. Personal Gmail account credentials were not affected.
On August 28, 2025, Google confirmed that the attackers also compromised OAuth tokens for the “Drift Email” integration. These tokens can grant limited access to user accounts, increasing the risk of further phishing attacks. Users are advised to update their passwords and enable two-factor authentication to secure their accounts. Google also recommends being cautious with emails or calls requesting sensitive information, even if they appear legitimate.
Security experts note that this breach reflects a growing trend in cybercrime, in which attackers target corporate and business-related data to launch highly effective phishing campaigns. Users are encouraged to change Gmail passwords immediately, enable two-factor authentication on all accounts, avoid clicking links or downloading attachments from unexpected emails, verify the identity of anyone requesting sensitive information, and monitor accounts for suspicious activity.
This incident emphasizes the need for ongoing vigilance. Even without direct access to personal Gmail accounts, hackers can exploit business contact information to launch attacks. Google continues its investigation and is working to prevent further incidents. The company urges all Gmail users to follow security guidelines to protect their accounts.