Google Gmail Data Breach: 2.5 Billion Users Threatened by New Phishing Wave?

Google's recent Gmail data breach sparked concerns among its 2.5 billion users over a new wave of phishing attacks after Google's Salesforce data was hacked.

by Gilang Rahmatullah Akbar
Publish Date: 29 August 2025, 08:35 PM

Liputan6.com, Jakarta - Google faced another significant data security issue in August 2025, potentially affecting billions of Gmail users worldwide.

This breach stemmed from the compromise of Google's corporate Salesforce database that occurred several months earlier, in June 2025.

This incident then triggered a series of more sophisticated cyberattacks targeting users' personal information.

This data security incident was not simply an information leak, but rather a multi-layered strategy exploited by a group of hackers.

Data obtained from the initial breach was used to launch a wave of highly convincing phishing and vishing attacks, making it difficult for users to distinguish between genuine communications and fraudulent ones.

"The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details," the company said.


Google Salesforce Database Breach

This security incident started with a breach of Google's corporate Salesforce database in June 2025.

The hacker group responsible for this incident was identified as ShinyHunters, also known as UNC6040.

The attack method used by ShinyHunters was highly sophisticated, involving social engineering tactics, specifically vishing, or voice phishing.

The attackers successfully deceived a Google employee with a fake phone call, posing as IT staff, and persuaded the employee to approve a malicious application connected to the Salesforce system.

Google confirmed that the compromised data from the Salesforce database was primarily basic and public business information, such as business names and contact details.

As reported by NDTV, Google had confirmed that no passwords were stolen during the breach.

But if you're one of the 2.5 billion people who use Gmail, you are now at risk of phishing attempts.

Particularly, users of Google services, including Gmail and Google Cloud, are at risk.


Impact on Gmail Users

While sensitive Gmail user data wasn't directly leaked from Salesforce, the stolen business contact information provided attackers with ammunition to launch a wave of more convincing phishing and vishing attacks.

These attacks reportedly flooded Reddit and cybersecurity forums, indicating the widespread scale of the threat.

These phishing attacks included fake emails warning of suspicious login attempts, as well as fraudulent phone calls from numbers associated with Google's California area code.

According to the tech company, scammers are impersonating Google employees, calling or texting users and asking them to reset passwords or provide login codes.

They then pressured users to "reset" their passwords and share new credentials, ultimately locking account holders out of their inboxes.

More than 2.5 billion Gmail users were reportedly at high risk from this massive phishing and vishing campaign.


What Can Be Done?

Google began notifying affected users on August 8, 2025, after completing a thorough analysis of the breach.

In response to this incident, Google has advised Gmail users to immediately update their passwords.

Furthermore, the company strongly encourages enabling two-factor authentication (2FA) to increase account security.

2FA adds a second verification step, such as a code sent to a mobile phone, making unauthorized access more difficult even if the password has been compromised.

Google also reminds users that legitimate companies will never ask for login details or authentication codes via email or phone.

Cybersecurity experts warn that even limited business data, such as that leaked from Salesforce, can be used to create highly convincing phishing and vishing campaigns.
