7 min read

A cyberattack affecting a Google-linked Salesforce customer instance exposed business contact data. According to Google’s Threat Intelligence Group, the incident did not involve passwords or personal Gmail messages.
The breach leveraged a third-party integration with Salesforce, where attackers reportedly abused cloud-connected workflows to access certain Google-related account information.
Google confirmed that the attack was carried out by a group known as ShinyHunters. The hackers targeted Salesforce-connected workflows, with limited access to some Workspace mailboxes via specific OAuth tokens. Experts warn that even small leaks can lead to identity theft or extortion later.

According to Google’s Threat Intelligence Group, the company first spotted the suspicious activity in June. By August, investigators discovered the full extent of the hack and traced it back to ShinyHunters’ known tactics.
These methods included impersonating IT support and using social engineering to access secure systems.
While Google said much of the stolen data was basic business information, it warned that the attackers may escalate. The group is believed to be preparing a public data leak site to pressure victims into paying ransom demands.

ShinyHunters isn’t a new name in the world of cybercrime. The group has a long history of hacking major brands like AT&T, Ticketmaster, Microsoft, and Santander. They often steal massive databases, threaten leaks, and sell stolen information on dark web forums for quick profit.
Their latest target, Google’s cloud-linked systems, shows how far the group has evolved. Instead of hitting smaller companies, they’re now going after global tech giants. Their methods mix patience, deception, and old-school phishing, a dangerous combination.

Google’s internal security teams first detected odd network behavior tied to Salesforce connections. After weeks of monitoring, they realized hackers had already accessed certain systems using overlapping tactics previously seen in other ShinyHunters operations.
Once confirmed, Google coordinated with Salesforce to contain the issue and assess potential damage. Investigators say the attackers may have been gathering information quietly for months before anyone noticed.

The good news, according to Google, is that most of the exposed data wasn’t private messages or passwords. The stolen information mainly included basic, publicly available business details. But even that can be valuable to hackers who specialize in identity fraud or phishing.
Cybersecurity experts say that leaked corporate data can be used to create fake identities, target employees, or craft convincing scam emails. Even if your personal information wasn’t leaked, the ripple effects could still reach your inbox.

Unlike many previous breaches, this one didn’t rely on weak passwords or simple phishing links. It exploited a trusted software partner, Salesforce, which many global companies depend on. That makes the hack harder to detect and even more concerning.
It’s a reminder that cybercriminals don’t always go through the front door. By targeting connections between tech platforms, hackers can bypass typical user protections, something experts call a “supply chain weakness.”
Following the discovery, Google urged users to strengthen their account security immediately. That includes updating passwords, enabling two-factor authentication, and avoiding reused credentials across multiple services. These simple steps can drastically reduce future risk.
Google also reminded users to be cautious of fake messages pretending to come from support teams or financial institutions. The company says scammers often act fast after big breaches, hoping panic will make users easier to trick.

Start with a strong, unique password that you don’t use anywhere else. A password manager can help create and safely store it for you. Avoid patterns, birthdays, or familiar phrases that hackers can guess from social media.
Then, turn on two-factor authentication and use a security key or Google Prompt. Even if someone has your password, they’ll still need your approval to log in. Lastly, update your apps and browsers to their latest versions so you have the latest security patches.

Sometimes, the signs appear outside Gmail. Odd charges in your Google Pay history, missing Play Store purchases, or unexpected activity on YouTube could signal your account has been compromised.
If that happens, contact your bank or financial provider right away. It’s also smart to review your account’s activity logs through Google’s Security Checkup tool. This built-in feature helps you see all devices that have recently signed in.

When ShinyHunters or similar groups steal databases, they rarely keep the data to themselves. They often sell it on dark web markets or use it for extortion, asking victims to pay in cryptocurrency to prevent leaks.
Even a small batch of data can be dangerous in the wrong hands. Hackers can combine stolen business information with personal details from other leaks, creating detailed identity profiles that fuel larger scams.

The group’s name might sound playful, but its record is anything but. Inspired by a Pokémon reference, ShinyHunters has built a reputation as one of the boldest cyber gangs online. They’ve managed to breach several tech and media companies without detection for months.
Their operations often involve teamwork across multiple countries, using fake IT calls or phishing emails to get employees to hand over credentials. The group’s persistence makes it a major threat to global organizations.

Google’s Threat Intelligence Group continues to trace the hackers’ movements and assess their next steps. The company believes ShinyHunters may be setting up a data leak site, a move often used to pressure victims into paying ransoms faster.
While Google says its core systems remain secure, it’s still working with partners like Salesforce to close any remaining gaps. The tech giant has not yet said if users will receive direct notifications about the breach.

If you believe your Google account has been affected, act fast. Change your password immediately, then run a Google Security Checkup to find any suspicious logins or app connections.
Next, reach out to anyone who might have been impacted, for example, contacts who received spam from your address. Stay alert for a few weeks, since hackers often return after you reset your credentials.

The Google breach is a reminder that no one is completely safe online. Even the biggest tech companies can fall victim to sophisticated attacks that slip past strong defenses.
For regular users, it is a call to take digital hygiene seriously. Keeping accounts secure is not a one-time task; it is an ongoing habit. The more layers of protection you add, the harder it becomes for hackers to break in.

This breach may not expose sensitive personal data right now, but it highlights how cyber threats are evolving. Hackers are no longer chasing quick wins; they’re aiming for the networks that connect millions of users at once.
Google’s quick response and public warning show how serious the company is about transparency. But for everyday users, the best defense still lies in caution, awareness, and smart online habits.
Dan Mitchell has been in the computer industry for more than 25 years, getting started with computers at age 7 on an Apple II.