
Phishing scams are on the rise; here’s how to protect yourself
Google has issued a fresh warning to its billions of Gmail users after a recent security scare linked to stolen business contact information. While no Gmail passwords were directly leaked, hackers are now using the data to launch highly convincing phishing and phone scams designed to steal login details.
What triggered the warning
The breach was tied to the hacker group ShinyHunters, who accessed a Salesforce cloud database. From there, attackers pulled contact details that make their phishing emails and phone calls look alarmingly authentic. Some users have already reported receiving calls that appear to come from Silicon Valley’s 650 area code, with scammers pretending to be Google representatives urging immediate password resets.
Google stressed that these messages and calls are not legitimate. The company says phishing and “vishing” (voice phishing) attempts are now responsible for more than a third of successful account takeovers worldwide.
Why Gmail users are vulnerable
Research shows only about 36% of users regularly update their passwords, leaving millions open to attack with weak or reused credentials. Once hackers get access to one account, they often use it as a springboard for more serious crimes, including extortion threats and identity fraud.
What you should do now
Google is urging users to take these steps immediately:
- Change your password to something unique, complex, and not used on any other site.
- Enable two-factor authentication (2FA) using text codes, an app, or a physical security key.
- Adopt passkeys—a newer, phishing-resistant login method that uses biometrics or device PINs instead of typed passwords.
- Run Google’s Security Checkup to spot weak points in your account.
- Ignore unsolicited messages or calls claiming to be from Google. The company will not ask you to reset your password over the phone or through suspicious email links.
Bottom line
This latest alert shows just how quickly hackers are evolving their tactics. Even if your Gmail password wasn’t stolen, you could still be a target through fake messages that look official. Staying safe means being proactive: update your security now, and treat every unsolicited email or call with suspicion.
