Red Hot Cyber
Cybersecurity, Cybercrime News and Vulnerability Analysis
A far-reaching security advisory has been issued by Google to the 2.5 billion users of its Gmail service, aiming to strengthen the protection of their accounts following a data breach affecting one of the company’s third-party Salesforce-based systems.
In June 2025, an incident occurred that heightened concerns about complex phishing operations targeting a broad audience of users. This is one of the largest mass security alerts sent by Google, partly because, despite many users using complex passwords, only about a third update them regularly, leaving countless accounts exposed, especially those that don’t use MFA.
In June, a cybercriminal group identified as UNC6040, also known by its extortion brand ShinyHunters, managed to infiltrate a Salesforce enterprise instance used by Google. This system stored contact information and sales notes for small and medium-sized businesses.
The attackers used a social engineering tactic known as voice phishing, or “vishing,” to gain initial access. By impersonating IT support staff over the phone, they tricked an employee into granting them system privileges. Google’s analysis shows that the threat actor managed to access and recover a limited amount of data, including basic company information, largely in the public domain, such as company names and contact addresses.
Although the stolen data is considered to be their own Although not very dangerous in nature, security specialists warn that they could be used to carry out highly realistic phishing and vishing attacks. Google emphasized that the breach did not compromise consumer products like Gmail or Google Drive, and that no passwords or financial data were exposed.
Victims are tricked by attackers who use news of a breach to create scams that appear legitimate, tricking users into providing their login details or two-factor authentication codes. The criminal group’s tactics become more aggressive when they leak the data or use it to extort money, thus increasing the pressure on victims. This allowed the hackers to exfiltrate the data before their access was discovered and blocked by Google’s security teams. ShinyHunters is a well-known group linked to recent data breaches in other major companies, including Adidas, Cisco, and LVMH.
On August 8, Google announced that it had completed sending emails to all parties involved in the breach, and on August 5, the company had disclosed details of the event and UNC6040’s activities. Given the significant risk of further attacks, it is crucial that all Gmail users remain alert and implement preventative strategies.
We strongly recommend that you renew your login credentials, enable two-step verification, and do not trust unsolicited emails or phone calls requesting sensitive information.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
