Gmail users across the globe have been issued an urgent warning to act now after accounts of 2.5 billion people were exposed to criminals in a massive Google security breach. In June this year, Google experienced a cyber raid targeting a platform it uses to manage customer relationships.
The breach was orchestrated by a threat group known as UNC6040, associated with the notorious ShinyHunters collective. The attackers employed social engineering tactics—specifically voice phishing—to deceive a Google employee into revealing login credentials. The incident has triggered widespread alarm across the UK and globally, as cybercriminals rapidly began exploiting the stolen data.
The attack resulted in the theft of extensive files containing company names and customer contact details.
Although Google confirmed that no passwords were compromised, cybersecurity experts caution that such personal information is more than enough for scammers to launch damaging impersonation campaigns.
Cybersecurity expert James Knight told The Sun: “There’s a huge increase in the hacking group trying to gain leverage on this.
“There’s a lot of vishing – people calling, pretending to be from Google, text messages coming through in order to get people to log in, or get codes to log in.
“If you do get a text message or a voice message from Google, don’t trust it’s from Google. Nine times out of 10, it’s likely not.”
Several social media users have reported that scammers are placing calls from phone numbers bearing the US 650 area code, creating the illusion of legitimacy and convincing recipients the calls are authentic.
Individuals who are deceived by this tactic often find themselves locked out of their Gmail accounts, while others suffer the loss of access to critical documents, personal photos, and confidential information.
Mr Knight also warned that hackers are trying simple brute-force methods to break in. Some are testing weak passwords like “password” to get lucky with careless users.
He added: “First thing, ensure multi-factor authentication is set. Second thing, make sure you’ve got a really strong password that’s unique on that account.”
Another emerging threat following the breach is the tactic known as the “dangling bucket” exploit. This method involves hackers gaining access to Google Cloud accounts by identifying and hijacking outdated or abandoned storage buckets—digital containers that were deleted but still referenced in old code, apps, or documentation.
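A defender's check for the dangling-bucket risk described above, as an added example that is not part of the original article: it scans source, scripts and documentation for Google Cloud Storage bucket references and reports every bucket name that is missing from an inventory of buckets the organisation still owns. The file contents, bucket names and inventory are constructed for illustration.

```python
import re

NAME = r"([a-z0-9][a-z0-9._-]{1,61}[a-z0-9])"
# Common ways a Cloud Storage bucket is named in code, scripts and docs.
BUCKET_PATTERNS = [
    re.compile(r"gs://" + NAME),                                # gsutil / SDK URI
    re.compile(r"https?://storage\.googleapis\.com/" + NAME),   # path-style URL
    re.compile(r"https?://" + NAME + r"\.storage\.googleapis\.com"),  # host-style URL
]
# First path segments of JSON API endpoints; these are not bucket names.
API_PREFIXES = {"storage", "upload", "download"}

def find_bucket_refs(files):
    """Map bucket name -> sorted [(path, line_no)] for every reference found."""
    refs = {}
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for pattern in BUCKET_PATTERNS:
                for name in pattern.findall(line):
                    if name not in API_PREFIXES:
                        refs.setdefault(name, set()).add((path, line_no))
    return {name: sorted(locs) for name, locs in refs.items()}

def dangling_refs(files, owned_buckets):
    """References to buckets that are not in the owned-bucket inventory."""
    return {name: locs for name, locs in find_bucket_refs(files).items()
            if name not in owned_buckets}

# Constructed sample input: file path -> file content.
SAMPLE_FILES = {
    "web/index.html": (
        '<script src="https://storage.googleapis.com/example-old-assets/js/app.js"></script>\n'
        '<img src="https://example-cdn.storage.googleapis.com/logo.png">'
    ),
    "deploy/install.sh": (
        "#!/bin/sh\n"
        "gsutil cp gs://example-release-archive/agent.tar.gz /tmp/\n"
        "gsutil cp gs://example-cdn/config.json /etc/agent/"
    ),
    "docs/setup.md": "Download from https://storage.googleapis.com/example-old-assets/setup.pkg.",
}
# Constructed inventory: buckets the organisation currently owns.
OWNED_BUCKETS = {"example-cdn"}

if __name__ == "__main__":
    for bucket, locations in sorted(dangling_refs(SAMPLE_FILES, OWNED_BUCKETS).items()):
        for path, line_no in locations:
            print(f"{path}:{line_no}: references unowned bucket '{bucket}'")
```

The comparison is against an ownership inventory rather than a check that the bucket exists, because bucket names are global: a deleted name that someone else has since registered still exists, and that is the case this check is meant to catch.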
Although the breach was significant in scope, Google has not disclosed the exact number of affected accounts. In a blog post published in August, the company acknowledged the incident but withheld specific figures, reports The Sun.


