Google has suffered a major data breach. Google has warned most of its 2.5 billion Gmail users to update their passwords and strengthen their account security as password hackers have carried out a significant amount of “successful intrusions.”
Hackers from the ShinyHunters group breached Google’s Salesforce CRM through a voice phishing (vishing) attack. While no sensitive user data was stolen, business contact information was exposed, which was later used in phishing and impersonation scams. Google alerted 2.5 billion Gmail users to update their passwords and watch for fake messages, particularly those spoofing the Silicon Valley “650” area code.
Google has also warned of advanced AI-powered attacks targeting its Gemini assistant via “indirect prompt injection.” This technique hides malicious commands in seemingly harmless content like emails or calendar invites, potentially leading Gemini to leak sensitive information.
READ: Meta signs $10 billion deal with Google (
“We believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS),” Google said in a June blog post.
“These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches.”
Google notified all users impacted by this incident via email on Aug. 8. Another major risk came from infostealer malware. Over 184 million account credentials, including Google logins, were leaked through infected devices and unsecured databases. These credentials have fueled credential-stuffing attacks against Gmail and other platforms.
Though none of these incidents involved a direct breach of Gmail servers, the stolen data is being used to target users in sophisticated ways. Google recommends enabling two-factor authentication, using strong, unique passwords, and running security checks. As threats grow more AI-driven, users must stay informed and proactive to protect their personal and business accounts.
READ: Apple, Google and other tech giants suffer massive data breach (
The recent string of cyber incidents involving Google highlights the growing complexity and severity of threats faced by even the most technologically advanced companies. Although Gmail itself was not directly breached, the exposure of contact data through a targeted Salesforce CRM hack, along with the emergence of AI-driven attacks and massive credential leaks from infostealer malware, signals a concerning escalation in cyber risk.
For Google, this not only raises critical questions about internal security protocols and third-party dependencies, but also reinforces the company’s immense responsibility in safeguarding billions of users worldwide.
These events demonstrate that cyberattacks are no longer isolated technical failures—they are part of a broader ecosystem of persistent threats combining social engineering, AI manipulation, and data theft. Hackers are growing more creative, targeting trust-based systems like CRMs and exploiting AI assistants like Gemini through sophisticated indirect prompt injections. In this context, even non-sensitive data such as contact lists can be weaponized to orchestrate large-scale scams and phishing attacks.