Hacking group ShinyHunters has gained access to a Google database, potentially putting 2.5 billion Gmail users worldwide at risk. The stolen data is already being used to make phishing calls and fake messages on behalf of the company.
Hacking group ShinyHunters has gained access to a Google database, potentially putting 2.5 billion Gmail users worldwide at risk. The stolen data is already being used to make phishing calls and fake messages on behalf of the company.
According to the Daily Mail, the breach occurred in June 2025. Hackers used social engineering to trick a Google employee into sharing his login details for the cloud platform Salesforce. As a result, the cybercriminals took control of a large amount of corporate data, including files with company names and customer contacts.
Although Google says that user passwords have not fallen into the hands of attackers, the stolen information is already being used for phone scams. The attacks are carried out using the «vishing» scheme: subscribers are called with the area code 650 (California), posing as Google employees, and offered to «reset their password» or «confirm their access code.» Those who fall for the scam lose control of their accounts.
Cybersecurity experts say the situation is critical due to the scale of the breach. «Any Gmail owner should check their login settings, change their passwords, and enable multi-factor authentication,» says security expert James Knight. He also recommends using passkeys and running the regular Google Security Checkup.
Additional risks include the «dangling bucket» method: the use of outdated or unsecured access keys to Google cloud accounts. This allows hackers to install malware or take over new data sets.
ShinyHunters is known for attacking large companies and trading in stolen databases. Despite Google’s significant investments in protection, the incident shows that even cybersecurity giants remain vulnerable to the human factor. However, experts emphasize that most attacks are successful precisely because of weak passwords and users’ trust in fake messages. Therefore, the main defense is attentiveness and adherence to basic rules of digital hygiene.
Previously, dev.ua wrote about how the Bybit crypto exchange announced a hack and hacker attack, as a result of which, according to analysts, almost $1.5 billion worth of tokens were lost.
