Thu | Sep 11, 2025

Gmail users urged to heighten vigilance following Google breach

Published: Thursday | September 11, 2025 | 12:09 AM

With phishing campaigns on the rise following a breach of Google’s Salesforce database, Dwayne Brown, cybersecurity executive at JN Group, has urged Gmail users to strengthen their account security and adopt safer log-in practices. His warning follows Google’s recent alert to its 2.5 billion users about the breach and the potential for increased hacking attempts that exploit the exposed business contact information.

In August, Google acknowledged the breach of one of its Salesforce databases, but said customer data was not compromised. The company noted that the exposed information consisted of “publicly available business information”, yet warned that attackers were using it to launch more serious campaigns and conduct “successful intrusions”.

According to reports, Google’s Threat Intelligence Group first warned of the attacks in June. They were carried out by a group of hackers connected to ShinyHunters, which is known for running phishing campaigns. The group’s recent campaigns have focused on Salesforce environments, often in collaboration with another hacking group called Scattered Spider. Since the Google breach, fraudsters have been pretending to be Google support staff to trick users into giving up access to their emails.

“Even though passwords weren’t compromised, attackers can use the leaked data to do harm. Attackers can send emails that look legitimate and, with users’ details, they can craft urgent or personalised messages, increasing the likelihood that these users will let down their guard. Many sites also rely on email to reset passwords or on their 2FA devices, and if an attacker convinces a user to click a link or provide a code, they can gain access without ever breaching the main database,” he explained.

Update passwords, enable 2FA, use passkeys

Stressing the need for heightened vigilance, Brown advised users to follow Google’s guidance by updating their passwords and enabling additional safeguards, such as two-factor authentication (2FA) and passkeys, if they have not already done so.

He explained that changing passwords helps prevent old or stolen passwords from being misused, while 2FA adds an extra layer of security that can block unauthorised log-ins even if a password is compromised. Passkeys, he added, replace passwords with a secure digital key on a user’s device, often unlocked with a fingerprint or face scan, which makes accounts much harder to break into.

“Maintaining strong security habits is the most effective defence against cyberattacks,” he said. “Regularly changing your passwords while keeping them unique to you, enabling 2FA and using passkeys with fingerprint or face recognition makes your accounts far more resistant to phishing and other common attacks.”

Verify through official channels

Brown also advised persons to never share verification codes with anyone, and to verify suspicious emails or calls through official channels. He also cautioned against clicking links in unsolicited emails.

“Hackers can be very convincing, using carefully crafted and compelling stories to trick you into revealing sensitive information. They often create a sense of urgency, making it seem like you need to act immediately,” he said, while reminding persons to always verify requests before responding, and avoid sharing passwords or personal details through email or over the phone.

Review account activity, keep recovery information current

Additionally, Brown recommended that Gmail users regularly review their account activity and check recent log-ins, devices and connected apps through Google’s security settings to spot any unusual activity. He also advised persons to ensure that recovery phone numbers and email addresses are current, as they can provide an extra layer of protection if an account is compromised.

“Taking a few minutes to check account activity and update recovery information can significantly enhance security and provide early warnings of any suspicious activity taking place on your account,” Brown said. “If you see something that looks suspicious, such as a log-in from another country or an unfamiliar device, immediately change your password, enable two-factor authentication if it isn’t already on, and review your connected apps and recovery options to secure your account.”