Gmail users warned to change passwords after massive data breach
Google just warned its massive Gmail community—yep, all 2.5 billion of us—to change passwords and tighten up security.
This comes after hackers (the group ShinyHunters) pulled off a cyberattack by tricking a Google employee into installing malware on a system connected to Google's Salesforce database back in June 2025.
No actual passwords were leaked, but scammers got their hands on business contact info, leading to waves of phishing and fake account reset attempts worldwide.
Hackers used phishing emails, pretended to be IT staff
ShinyHunters, who've hit big names like Microsoft and Ticketmaster before, used classic social engineering moves—think phishing emails and pretending to be IT staff—to get inside.
Google emailed affected users about the breach on August 8.
Google advises users to turn on 2-factor authentication
Google says most people have strong passwords but don't update them often enough.
Their advice? Turn on two-factor authentication (not just SMS codes) and try switching to passkeys for even better protection.
Knowing these scam tactics can help you keep your accounts—and your data—safe going forward.