Millions of Gmail users are now at risk after hackers infiltrated a major Google database, exposing contact information for an estimated 2.5 billion accounts. The cybercriminal group ShinyHunters reportedly tricked a Google employee into sharing login credentials in June 2025, gaining access to a Salesforce-managed cloud database. While Google says passwords were not stolen, scammers are already exploiting the leaked data.

Victims report receiving phone calls and messages from numbers disguised as Google support, attempting to lure them into revealing account access codes. James Knight, a cybersecurity expert, warns that “there’s a huge increase in people pretending to be Google employees. Texts, calls, vishing… all trying to trick you.” Many users admitted on social media that calls often come from 650 area code numbers, aiming to reset Gmail passwords.

Experts advise users to immediately enable multi-factor authentication, update weak passwords, and consider using passkeys, a newer security method for identity verification. Knight also recommends running the Google security checkup to find vulnerabilities and stay alert to phishing attempts.

Another method being used by hackers is called the “dangling bucket” technique. This involves exploiting old cloud access points or forgotten digital keys to slip into Google Cloud accounts and steal or plant malicious files. Salesforce, the platform involved, is widely used to manage customer data but has evolved to store detailed user profiles, which made this database especially valuable.

Knight emphasized that even well-protected companies like Google can have overlooked vulnerabilities. “These email addresses are really golden. Hackers have made a lot of money off this one,” he noted. Despite Google’s security investments, the breach highlights that even the largest tech firms are not invulnerable.

Users are urged to stay vigilant, question any unexpected communications claiming to be from Google, and avoid sharing verification codes with anyone. The breach is a stark reminder that online security requires constant attention, even for the most experienced users.

Full details can be found here: Daily Mail report