Google has issued a worldwide alert urging billions of Gmail users to reset their passwords after a database tied to its Salesforce systems was compromised. While no personal Gmail credentials were exposed, the breach gave cybercriminals access to business contact information — a resource now weaponized to fuel phishing and impersonation attacks at a global scale.
The attacker group, identified as ShinyHunters, reportedly gained entry by impersonating an IT help desk to a Google employee, planting malware that extracted database content. According to Google, OAuth tokens linked to Drift Email integration were also compromised, prompting the company to suspend Gmail–Salesforce connections until further investigation.
Final Call: Be DPDP Act Ready with FCRF’s Certified Data Protection Officer Program
How Hackers Weaponized the Leak
The breach exposed company and customer names, a seemingly limited data set. Yet in the hands of skilled actors, such details form the backbone of persuasive phishing campaigns. Hackers have since unleashed sophisticated email and voice-based scams, mimicking legitimate Google communications.
According to Google’s Threat Analysis Group, phishing and “vishing” — phone-based social engineering — now account for nearly 37 percent of all successful account takeovers. Analysts warn that the business contact trove could allow adversaries to scale attacks, making it harder for even cautious users to distinguish real from fake.
Google’s Defensive Measures
In response, Google revoked compromised tokens, disabled integrations with Drift Email, and rolled out advisories recommending immediate protective steps. Users are being urged to update passwords, enable non-SMS two-factor authentication, and, where possible, transition to passkeys — biometric-based alternatives designed to eliminate risks of stolen or reused credentials.
Google’s Advanced Protection Program, typically aimed at journalists and political dissidents, is now being promoted to business users vulnerable to targeted campaigns. “Unlike passwords, passkeys can’t be written down or accidentally given to a bad actor,” Google emphasized in its updated security guidance.
Uncertain Road Ahead
The breach highlights a persistent tension: while Google insists its core systems — Gmail, Workspace, and Alphabet’s infrastructure — remain uncompromised, cybersecurity experts expect ripple effects to persist. The theft of business data, they say, is often a precursor to broader fraud, ransomware intrusions, and supply chain exploitation.
Google has not committed to a timeline for further disclosures, leaving questions about the full scope unanswered. Meanwhile, with 2.5 billion accounts at stake, analysts warn that even minor oversights in security hygiene could magnify the damage.