Gmail users face increased security risks as Google warns of rising phishing attacks following a data breach. Google confirmed that hackers gained access to one of its corporate Salesforce databases in June 2025, exposing business contact information that is now being used in targeted scams against users.
The breach, linked to a hacking group known as ShinyHunters (also tracked as UNC6040), did not directly expose Gmail passwords or user data. Subsequent OAuth‑token abuse tied to the Salesloft Drift integration is tracked as UNC6395. However, Google warns that compromised passwords remain behind many successful account intrusions, with only 36% of users regularly updating their passwords.
“The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details,” Google stated about the Salesforce breach. This stolen information is now fueling sophisticated phishing attempts.
The attackers are using voice phishing (vishing) tactics, where they call users pretending to be Google support staff. During these calls, they try to trick users into sharing passwords or approving malicious access to their accounts. Many Reddit users have already reported receiving suspicious emails and phone calls claiming to be from Google support about security issues.
Google began notifying affected users on August 8, with continued advisories through late August as phishing attempts escalated. Google revoked OAuth tokens for the “Drift Email” integration and disabled the Google Workspace–Salesloft Drift integration; Salesforce also temporarily disabled Drift integrations.
To protect your account, Google recommends:
- Change your password immediately if you haven’t done so this year
- Switch from SMS-based two-factor authentication to an authenticator app
- Add and use passkeys as your default sign-in method
- Never sign in through links in emails, even if they appear to be from Google
- Be suspicious of calls or emails about “suspicious sign-in” alerts
If you’re concerned about your account security, Google advises checking your recent activity directly through your Google account’s Security section rather than clicking on links in emails. Look for the “Review Security Activity” option to see any suspicious logins or activity from the past 28 days.
The breach highlights a growing vulnerability from third-party app integrations. The hackers gained access not by directly breaching Gmail but through connected services that had legitimate access to Google systems.
While Google confirms no passwords were directly leaked in this incident, the company emphasizes that outdated password practices make users vulnerable to these increasingly sophisticated attacks.