More than 2.5 billion Gmail users could be at risk after hackers breached a major Google database.
Scammers linked to the group ShinyHunters tricked a Google employee into getting access to a database managed through Salesforce’s cloud platform in June.
They stole a heap of files containing company names and customer contact details.
Google says no passwords were taken in the breach, but that has not stopped reports of hackers targeting customers.
According to accounts on the Gmail subreddit, they have been using the stolen data to try impersonate Google workers through fake phone calls and malicious emails.
How can you protect your data?
Cybercriminals can trick their victims into handing over log in codes or passwords to get into their Google accounts.
Cybersecurity expert James Knight told the Daily Mail: ‘There’s a huge increase in the hacking group trying to gain leverage on this.
‘There’s a lot of vishing – people calling, pretending to be from Google, text messages coming through in order to get people to log in, or get codes to log in.
‘If you do get a text message or a voice message from Google, don’t trust it’s from Google. Nine times out of 10, it’s likely not.’
These ploys could leave victims locked out of their accounts, or have their private information stolen.
Knight also warned the scammers could be using brute force to get into Gmail accounts, for example by trying common passwords, such as ‘password’.
In short: how to protect your Gmail account
- Don’t trust suspicious calls or texts
- Use strong, unique passwords and avoid weak or common ones
- Turn on multi-factor authentication (MFA)
- Switch to passkeys
- Do a Google Security Checkup
To protect yourself against this, anyone with a Gmail account should change their passwords if they use common or weak phrases.
The security pro also advised people to implement multi-factor authentication.
This enhances your security by sending a one-time code to your phone or email whenever you log into certain websites.
Users can also utilise the passkeys, a newer type of security method, to log into their devices.
Google have been pushing users to switch to passkeys because they are highly phishing-resistant and can log you in using your face or fingerprint.
Another trick to beware of is the ‘dangling bucket’ threat.
Hackers slip into Google Cloud accounts and wreck havoc through old or forgotten access points in Google Cloud accounts.
To discover any gaps in your account’s security, users have been advised to take a Google Security Check.
This tool helps find all the holes in your Gmail security protections and lists all the extra safeguards that can be implemented.
How do we know about the breach?
Google has published too many details about the attack as of yet, but it confirmed the hack on August 5.
The huge tech company has tried to reassure users, saying: ‘Google responded to the activity, performed an impact analysis and began mitigations.
‘The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.’
The hack targeted Salesforce, a huge database system which builds profiles of users and used by Google for its Gmail services.
Google’s statement said on August 8 that emails were ‘actively being sent to those affected by this incident.’
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.
