Google emergency alert: 2.5 billion Gmail users urged to change passwords immediately

Google has issued a sweeping emergency alert to all 2.5 billion Gmail users, urging them to bolster their account security following a breach linked to the company’s Salesforce cloud platform. The alert comes amid concerns that stolen contact data is fueling a sharp rise in phishing and vishing attacks.

Though Google assures that no passwords or direct Gmail systems were compromised, the attack—attributed to the notorious hacking group ShinyHunters—exposed business email addresses and contact details. Even seemingly innocuous information could now be used to craft highly convincing phishing schemes.

According to reports, the first signs of unauthorized access surfaced in June, when attackers posed as IT support and tricked an employee into installing malware on Salesforce systems. By August, Google had confirmed multiple successful intrusions and began notifying affected users on August 8.

In light of the threat, Google strongly recommends that Gmail users take immediate action: change their passwords, enable two-factor authentication (2FA) or passkeys, and sign up for enhanced security features like its Advanced Protection Program. Users are also urged to run a Security Checkup to review linked devices and app access.

This incident marks one of the most extensive security warnings in Google’s history and serves as a critical reminder of how interconnected digital systems can inadvertently amplify risk—even when core systems remain uncompromised.