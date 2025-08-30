Google has issued an emergency warning to all Gmail users amid a growing cyber threat.

The threat is thought to be linked to a major third-party breach. The company stresses that its own systems remain secure, however, but the incident means that hackers could exploit stolen data in new ways.

Staff at the tech giant have apparently noticed new cyberattacks, leading to the warning to be issued. The threat emerged following a breach of Salesforce’s cloud platform, which left individuals and organisations using Google services more vulnerable to intrusion.

Gmail and Google Cloud have an estimated 2.5 billion users worldwide, and the company is urging all users to remain vigilant, monitor their accounts closely, and strengthen their security measures to reduce the risk of compromise.

According to Google’s Threat Intelligence Group (TAG), the first signs of these attacks were detected in June, when researchers discovered that hackers were impersonating IT support staf to deceive users. By August, Google confirmed that the group had achieved several “successful intrusions” through the use of compromised passwords.

Although the stolen data was described as “basic and largely publicly available business information,” it has since been weaponised to fuel more damaging schemes. “We believe threat actors using the ‘ShinyHunters’ brand may be preparing to escalate their extortion tactics by launching a data leak site (DLS),” TAG explained in a recent blog post. “These new tactics are likely intended to increase pressure on victims, including those associated with the recent UNC6040 Salesforce-related data breaches.”

The method, where attackers pose as IT personnel over the phone, has proven “particularly effective in tricking employees,” Google noted, with victims largely concentrated in English-speaking branches of global corporations. All users first identified as impacted by the incident were formally notified by Google via email on August 8.

ShinyHunters are a notorious cybercriminal group that first emerged in 2020 and took their name from the Pokémon franchise. Since then, they have been linked to a string of high-profile data breaches targeting major organisations, including Microsoft, Santander, and Ticketmaster.

They are known for stealing massive amounts of user records, login credentials, and personal data, which are often leaked or sold on underground forums. In addition to data theft, they engage in extortion by threatening to release sensitive information unless companies meet their demands.

Gmail users are being encouraged to take proactive steps to strengthen the security on their accounts. Google advises users to regularly update their passwords and enable extra safeguards like two-factor authentication, which adds an additional layer of protection against intrusions.