In June, a hacker group called ShinyHunters pulled off a serious breach by tricking a Google employee into handing over login credentials. The attackers gained access to a massive Google database hosted on Salesforce’s cloud platform, which the company uses to store business files and customer information. While Google confirmed that no passwords were stolen, the hackers still managed to take business documents containing company names and customer contact details.
Fake Calls and Emails Targeting Gmail Users
The stolen information is now being used in scams. Criminals are pretending to be Google workers, calling and emailing people to trick them into giving away sensitive details. Cybersecurity expert James Knight told the Daily Mail that this could affect millions of users.
According to Knight, there’s been a sharp rise in vishing — fake calls or texts that pressure people into revealing login codes or resetting their passwords. On social media, Gmail users have reported scam calls coming from 650 area code numbers. Many victims said they were tricked into resetting their Gmail passwords, only to lose access to their accounts and files.
Weak Passwords Still a Big Problem
Knight also revealed that some hackers are simply guessing easy passwords like “password” to break into accounts linked to the stolen database. His advice to Gmail users: update weak passwords immediately, enable multi-factor authentication (MFA), and complete the Google Security Checkup.
He also warned users to stay alert to phishing messages and fake phone calls, reminding them that even if a message claims to be from Google, it’s more likely to be fake than real.
Steps to Protect Your Gmail Account
Security experts recommend always enabling multi-factor authentication, which sends a code to your phone or email before you log in. Knight also suggests using passkeys, a newer login method that makes accounts harder to hack.
Hackers have also been seen using the dangling bucket method — sneaking into Google Cloud systems through old keys or forgotten web addresses. Once inside, they can steal even more data or plant malware.
Reports suggest the compromised Google database may have contained as many as 2.5 billion Gmail records. That’s because Salesforce, originally designed for customer data storage, is now also used to build user profiles of online activity.
Security Concerns and Google’s Response
Knight, who works at DigitalWarfare.com testing company defenses, said that despite Google’s heavy investment in security, a gap was left open. He pointed out that Google even bought a security company years ago, yet hackers still managed to exploit the Salesforce database.
He explained why email addresses are so valuable to hackers: they can be turned into money through scams, identity theft, or targeted attacks.
In August, Google published a blog post acknowledging the hack but didn’t reveal how many users were impacted. Google spokesperson Mark Karayan also declined to provide details on whether ShinyHunters made a ransom demand. The group, already infamous for targeting large companies and cloud databases, is actively exploiting the stolen information by trying weak passwords and tricking users into sharing login codes.
Knight’s closing message was simple: Gmail users must stay extra vigilant and never trust suspicious calls or emails, even if they appear to come from Google.
