Updated on August 27th, 2025: According to a statement we’ve received from Google, the leaked data and the phishing attacks are two different incidents that should be considered separately. The data breach only involved “a limited set of basic business contact information used to communicate with potential advertisers.” The phishing attacks on private users are said to be unrelated. However, users should still take the warning about potential phishing attacks seriously.
Original story from August 18th, 2025: If you’re a Gmail user, you need to be particularly careful right now as criminals are currently targeting Gmail accounts. Hackers from a group called ShinyHunters were recently able to gain access to Google’s Salesforce database systems, reports Forbes.
Google has confirmed the attacks and states that general data like customer and company names were leaked, but not passwords. The resulting data leak means that users of Google services—including Gmail and Google Cloud—are now at risk of falling victim to phishing attempts.
How the phishing attacks work
Initial reports of attempted attacks have already been seen on Reddit, which are likely related to the data leak. Users describe how alleged Google employees have contacted them by phone to inform them of a security breach in their accounts.
In these scam attempts, attackers are trying to take over Gmail accounts by triggering alleged “account resets” and then intercepting passwords to subsequently lock out the account holders. Another attack method involves “dangling buckets” (i.e., outdated access addresses) to steal data from or inject malware into Google Cloud.
Both methods are extremely dangerous and currently threaten Gmail and Google Cloud users in particular, around 2.5 billion people worldwide. In theory, companies are of particular interest to hackers, but private individuals can also easily be targeted.
How to protect yourself
To be on the safe side, you should ensure that your account is protected against unauthorized access. Google has provided the following security measures for this purpose:
- Use Google’s Security Checkup to automatically identify security vulnerabilities and get account security recommendations.
- Activate Google’s Advanced Protection Program to get an additional security barrier that blocks the download of potentially harmful files and restricts non-Google apps from accessing Gmail data.
- Use passkeys instead of passwords to stay better protected against hacking attacks and phishing attempts.
Above all, you must remain vigilant. Be particularly skeptical if you’re contacted by alleged support staff who can’t confirm their identity. Google employees will never contact you by phone or email to reset a password or make other changes to your accounts.
Further reading: Gmail’s AI summaries can be hijacked by scammers
This articles is written by : Fady Askharoun Samy Askharoun
All Rights Reserved to Amznusa www.amznusa.com
Why Amznusa?
AMZNUSA is a dynamic website that focuses on three primary categories: Technology, e-commerce and cryptocurrency news. It provides users with the latest updates and insights into online retail trends and the rapidly evolving world of digital currencies, helping visitors stay informed about both markets.
