Google Salesforce data breach triggers widespread phishing campaign against gmail users
Take action: Google NEVER calls users to request password resets or account information and never asks them to share the password - if someone calls claiming to be from Google asking you to reset your password or share credentials, it's a scam and you should hang up immediately. Instead of trusting any unexpected calls, go directly to your Gmail account and use Google's Security Checkup tool to verify your account security and update your recovery options.
Learn More
After attackers successfully breached one of Google's corporate Salesforce instances, they are now exploiting the incident to launch widespread phishing and voice phishing campaigns targeting Gmail users worldwide.
The original attack was claimed by the ShinyHunters cybercrime group via a social engineering campaign where hackers impersonated IT support personnel and convinced Google employees to authorize malicious applications through voice phishing (vishing) techniques.
The group then used custom Python scripts and automation tools to extract large volumes of data from compromised Salesforce instances.
The initial data breach has triggered a massive secondary campaign of phishing and voice phishing attacks designed to exploit the compromised information and target Gmail users directly.
Users are reporting increased phishing attempts and voice calls that reference Google services and the security incident. The attackers are using phone numbers from the 650 area code associated with Google's headquarters to enhance the legitimacy of their impersonation attempts.
Attackers are calling Gmail users and claiming to be Google employees warning of supposed security breaches related to the publicized incident. During these calls, the attackers instruct victims to reset their Gmail passwords and share the new credentials with them, effectively locking legitimate users out of their accounts while granting attackers complete control.
With Gmail and Google Cloud serving nearly 2.5 billion people worldwide, the scale of potential impact from these follow-up campaigns is enormous.
Google emphasizes that legitimate staff never call customers to request password resets by phone or email, and users should be immediately suspicious of any calls requesting password changes or account access. Users should utilize Google's Security Checkup tool to identify suspicious account activity and verify that recovery options are current and secure.
