Google has issued a warning to affected Gmail users, as known hackers are targeting and gaining access to accounts.
Google confirmed on the 8th August that many Gmail accounts were exposed to a hacker group, known as both UNC6240 and “ShinyHunters”. The group has been active since 2020 and is behind many high-profile data breaches, including Ticketmaster, Microsoft and more.
Google explained that the notorious ShinyHunters hacked into one of Google’s own Salesforce databases which held information on small and mid-sized businesses around the world. While it hasn’t given too much more information than that, it is widely thought that a Google employee inadvertently revealed login credentials.
However, the group were known to rely on voice phishing (known as vishing) to deceive victims into authorising a malicious app for their organisation’s Salesforce portal. During the scheme, the hackers would guide the victim to Salesforce’s connected app setup page to approve a malicious, modified version of Salesforce’s Data Loader, which then granted the hackers access to sensitive information.
What else do we know?
Although Google notified those affected on the 8th August 2025, the initial hack was thought to have taken place back in June 2025. Why Google waited so long to inform those affected and exactly how many accounts were breached remain unclear at the time of publishing.
How to protect your email account
Whether you’ve received an email from Google to say you’ve been affected, or you’re just concerned about keeping your data safe, the easiest way to protect your account is to change your password. To help, we’ve created an easy-to-follow guide on how to create a strong password.
Another tip to keep your data safe is to avoid clicking any links or opening attachments from unknown or suspicious senders. Finally, if anyone calls or emails claiming to be Google, it’s best to be wary.
It’s absolutely understandable to panic if you are contacted by “Google” and told you’ve been hacked, but never click on any links or reveal any details over the phone. Instead, we’d recommend ending communication, and changing your Gmail password through the correct app – not by clicking any links in emails or text messages.