Google warns 2.5 billion Gmail users to update passwords after hackers complete ‘successful intrusions’

Google has warned most of its 2.5 billion Gmail users to update their passwords and strengthen their account security as password hackers have carried out a significant amount of “successful intrusions.”

It is advising users to be on high alert for suspicious activity and add extra security measures, like two-factor authentication, if they have not already.

Hackers often access Gmail passwords by sending emails with links to fake sign-in pages, or by tricking users into sharing their two-factor authentication codes.

While most users have strong, unique passwords, only a third regularly update these keys, according to Google data.

Separately, Google has also advised customers to ramp up their security measures after a breach of its own Salesforce database.

In June, it warned that bad actors were targeting people through social engineering attacks – posing as IT support staffers, which was “particularly effective in tricking employees,” Google said.

This hack largely compromised publicly available data, like contact details for small- and medium-size businesses, but the hacking method could be used for more serious attacks in the future.

“We believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS),” Google said in a June blog post.

“These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches.”

It notified all users impacted by this incident via email on Aug. 8.

ShinyHunters, which seemingly pulls its name from the Pokémon franchise, formed in 2020 and has since been linked to several high-profile breaches of firms like AT&T, Microsoft, Santander and Ticketmaster.