Google warns that billions of Gmail accounts could be vulnerable after data breach

• Gmail users could be affected in the ShinyHunters attack campaign
• Google has warned those who may be vulnerable
• This campaign has targeted a large number of companies

A warning from Google has outlined a prolific hacking group, ShinyHunters, has leveraged Gmail to attack users. Google’s Threat Intelligence Report reveals that the group accessed data during a small window, which could leave users exposed.

Around 2.5 billion users were urged to reset their passwords and tighten their security after the contact information of small and medium sized businesses was accessed. The information was publicly available, typically names and contact details, but this still leaves some vulnerable to phishing attacks.

Google has since notified those affected by the incident via email – but those whose data was compromised should be on the lookout for social engineering and extortion attacks. These incidents typically involve an email or call to employees of victim organizations demanding large sums of bitcoin.

Phishing risk

The breach comes from ShinyHunter’s data theft through a corporate Salesforce instance, confirmed by the company. Salesforce was targeted by the group, who impersonated company staff and contacted IT support services to gain access.

“In June, one of Google’s corporate Salesforce instances was impacted by similar UNC6040 activity described in this post,” the company said, “the data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”

ShinyHunters is an extremely successful threat group, recently attacking Santander, AT&T, and insurance giant Allianz. But, Google doesn’t think they’re done yet;

“We believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS)” the report confirms.

“These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches. We continue to monitor this actor and will provide updates as appropriate.”

You might also like

• Take a look at our picks for the best malware removal software around
• Check out our choice for best antivirus software
• Google warns Salesloft attack may have compromised Workspace accounts and Salesforce instances