Google is alerting its 2.5 billion Gmail users about a potential threat that could put their accounts at risk. A few weeks ago, the tech giant acknowledged a data breach involving a third-party Salesforce system, which puts almost all Gmail accounts at risk.
The incident, which took place earlier this year in June, has also raised questions about threat actors using sophisticated phishing campaigns to target a large number of users.
In a blog post, Google said that the scope of the data breach is larger than previously thought and that the “scope of this compromise is not exclusive to the Salesforce integration with Salesforce Drift” but impacts other integrations as well.
Identified by Google Threat Intelligence as UNC6395, it was noted that the threat actor scanned customer support tickets and messages as well as accessed sensitive information like AWS access keys, Snowflake tokens and passwords to gain access to other accounts.
According to Forbes, Google has now issued a separate warning that most Gmail users should change their account passwords if they want to prevent hackers from getting unauthorised access. The tech giant also insists that users set up a two-factor authentication mechanism and use passkeys to keep their Gmail accounts safe.
And while Google says that no passwords were compromised, it did say that users are now at risk of phishing attempts, particularly those who use services like Gmail and Google Cloud. It also warned that threat actors are now impersonating Google employees and calling as well as texting users, asking them to reset passwords or give away login codes.
The company claims that the attack was carried out by a threat group called ShinyHunter, which has been linked to several big data breaches in the past, including the likes of Microsoft, Ticketmaster and AT&T.
Story continues below this ad
While the majority of information stolen was already available in the public domain, there is a chance that ShinyHunter might be setting up a website to carry out phishing attacks.
The indianexpress.com reached out to Software Freedom Law Centre (SFLC), a legal services organisation that advocates for digital freedom. The organisation said that the “breach came through an integration of a third-party platform, highlighting the vulnerabilities we all have in our systems.”
SFLC added that it’s not just email systems, but business platforms and ticketing systems are affected by the data breach as well. In order to stay safe, the organisation recommends that users change their credentials and look out for identity theft.
© IE Online Media Services Pvt Ltd