Google has sent out a fresh warning to billions of Gmail users worldwide after a major security incident exposed data linked to user accounts. The alert comes after hackers targeted a Salesforce-managed database, sparking new phishing and phone scams aimed at Gmail users.
While Google confirmed that no Gmail passwords were directly leaked, cybercriminals are using the stolen data to send fake emails, create phishing links, and even make fraudulent calls pretending to be Google support. These scams are designed to trick people into sharing their login details and security codes.
Why This Warning Matters
There are more than 2.5 billion active Gmail accounts, making it one of the largest email services in the world. With such a massive user base, even a small security breach can affect millions of people. Experts say this could be one of the biggest Gmail-related threats in recent years, as hackers are using advanced techniques like AI-generated phishing emails and vishing calls (voice phishing).
How to Secure Your Gmail Account
Google and security experts recommend taking the following steps immediately:
- Change your Gmail password – Use a strong, unique password that you don’t use anywhere else.
- Turn on 2-Step Verification (2FA) – Prefer app-based or hardware key verification instead of SMS codes.
- Use Passkeys where available – They are more secure and resistant to phishing.
- Check your Google Security settings – Review recovery emails, phone numbers, and connected devices.
- Watch out for suspicious emails and calls – Google will never ask for your password or verification codes over the phone.
- Keep software updated – Update your browser, Gmail app, and operating system to the latest versions.
Wow! 2.5 billion @gmail accounts impacted by this massive breach, just by tricking a single employee? Really shows even big companies aren’t immune to social engineering. Please, everyone: turn on 2FA, don’t trust random calls, and be extra careful with your info. pic.twitter.com/BjaoNzH5X6
— Deepak Chendra (@KNOWDEEPAK_) August 28, 2025
Expert Advice
Cybersecurity researchers advise Gmail users not to panic but to stay alert. Many of the phishing attempts look very similar to official Google alerts. Always type gmail.com directly into your browser instead of clicking unknown links in emails or messages.
If you get a suspicious notification or call, ignore it and verify directly in your Google account security settings.
Risk | Recommendation |
---|---|
Phishing Emails | Always verify sender addresses and avoid clicking unexpected links. Go directly to gmail.com if in doubt. |
Vishing Scams | Google will never contact you unsolicited by phone. Hang up on such calls. |
Account Recovery | Keep recovery phone numbers and backup emails up-to-date. |
Device & Software | Install OS and Chrome/Android updates promptly to patch vulnerabilities. |
Password Management | Use a reputable password manager to generate and store strong, unique passwords. |
Suspicious Behavior | Monitor account activity and review recent logins via Google Security Checkup. |
High-Profile Risk | Consider enrolling in Google’s Advanced Protection Program for enhanced protection. |