Google has issued an urgent warning to Gmail users following cyberattacks linked to the ShinyHunters hacking group, which exploited data stolen from a Salesforce breach. While Google’s systems remain secure, the compromised data has enabled sophisticated phishing and impersonation scams, with hackers posing as IT support to steal login credentials through social engineering.

The attacks, detected in June and confirmed by August, have already led to successful intrusions, particularly targeting English-speaking branches of global corporations. ShinyHunters, a notorious cybercriminal group active since 2020, is known for high-profile breaches at companies like AT&T, Microsoft, and Ticketmaster, often selling stolen data or using it for extortion. Google advises users to change passwords regularly, enable two-factor authentication, stay cautious of suspicious emails or calls, and monitor account activity.

Although only about one-third of Gmail’s 2.5 billion users regularly update passwords, those directly affected by the breach were notified on August 8. Google warns that ShinyHunters may escalate their campaign, potentially launching a data leak site to further pressure victims.