2.5 billion Gmail accounts exposed in massive data breach

A major Gmail data breach has exposed up to 2.5 billion accounts, with a notorious hacker group posing as Google employees to deceive users.

Google recently disclosed that a hacker group known as ShinyHunters had infiltrated its Salesforce database by tricking an employee into handing over login credentials.

According to the company, “The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”

However, the breach reportedly gave ShinyHunters access to a staggering 2.5 billion Gmail accounts. The group is infamous for using sophisticated social engineering tactics to gain access to sensitive systems.

Ironically, Google's disclosure came as an update to a blog post originally published in June, which detailed how ShinyHunters—also referred to as UNC6040—operates.

“UNC6040 has demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements,” the company explained.

“This approach has proven particularly effective in tricking employees—often within English-speaking branches of multinational corporations—into actions that grant the attackers access or lead to the sharing of sensitive credentials, ultimately facilitating the theft of Salesforce data.”

Google confirmed it notified all affected users by August 8.

However, The Sun reports that users in the UK are now being targeted with phone calls, emails, and text messages, urging them to reset passwords or provide login information.

Cybersecurity expert James Knight told the outlet, “There’s been a huge increase in the group trying to gain leverage from this.”

“There’s a lot of vishing—people calling and pretending to be from Google, or sending texts to get people to log in or hand over verification codes,” he said. “If you get a message claiming to be from Google, don’t assume it’s legitimate. Nine times out of 10, it’s not.”

ShinyHunters have been linked to several high-profile cyberattacks, including the theft of 1.3 terabytes of customer data from Ticketmaster in 2024, and a 2023 breach affecting 200,000 Australian Pizza Hut customers.

“The lengths to which this group goes to steal data are remarkably devious,” said FBI Special Agent Richard Collodi last year.