Google has just issued an urgent warning to 2.5 billion Gmail users worldwide after a data leak related to the Salesforce system.
The technology giant recommends that all users should change their passwords immediately, while being vigilant against the widespread fraud campaign.
The incident occurred in June this year, stemming from the integration of the third-party Salesforce platform.
Initially, Google thought the scope of impact was limited, but after the investigation, the company admitted that the leaked data was much larger, not only stopping at Salesforce Drift but also affecting other integrations.
According to the Google Threat Intelligence team, the attacker identified as UNC6395 broke into the system, scanning support coupons and customer messages, and accessing sensitive data such as AWS access locks, Snowflake vulnerabilities and passwords for other accounts.
Although Google confirmed that none of its Gmail passwords have been hacked, the risk of being exploited by hackers to launch fake campaigns impersonating Google employees is very high.
Forbes quoted Google as saying that the company has asked users to deploy two-factor authentication (2FA) and use strong passwords to limit risks.
Users are also advised to be on guard against fake calls or messages asking for a login code or resetting a password.
According to the investigation, the attack involved the Hacker group ShinyHunter, the name behind many previous famous data breaches such as Microsoft, Ticketmaster or AT&T.
Although much of the stolen data is public, experts warn that ShinyHunter may be preparing to launch fraudulent websites to exploit more users.
According to the Software freedom Law Center (SFLC), the incident exposed serious loopholes in the dependence on third-party platforms. Not only the email system, but also business and ticket sales platforms can become exploited targets.
In this context, security experts emphasized that Gmail users need to quickly change their passwords, activate 2FAs and be vigilant against unusual behavior to avoid becoming the next victim in the global cyber attack series.
