Google has sent out an urgent warning to its 2.5 billion Gmail users, urging them to tighten their security settings after a major Salesforce breach exposed fresh attack vectors for hackers. While Google’s own systems remain secure, the incident is being actively exploited by cybercriminals linked to the notorious ShinyHunters group.
Gmail accounts targeted after Salesforce breach

The company’s Threat Analysis Group (TAG) confirmed that attackers began using stolen Salesforce data in June, relying on social engineering tactics to break into Gmail and Google Cloud accounts. Hackers impersonated IT support staff in calls and emails, a method known as vishing, and by August, several successful intrusions had been recorded.
Though the stolen information was described as “basic and largely public,” it has since been repurposed for more damaging attacks. TAG warned that the hackers could escalate further by launching a data leak site to pressure victims into paying extortion demands.
Who are the ShinyHunters?
The ShinyHunters first appeared in 2020, naming themselves after a Pokémon reference, and have since carried out massive data breaches against major companies. Their targets include:
- AT&T Wireless
- Microsoft
- Santander
- Ticketmaster
- Tokopedia, Wattpad, and more
The group specializes in stealing login credentials, personal records, and corporate data, which they then sell on the dark web or use in extortion schemes. Cybersecurity experts say their persistence and scale make them one of the most dangerous hacker collectives operating today.
Google’s advice for Gmail users
In its warning, Google stressed that users can significantly reduce their risk by taking a few proactive steps:
- Regularly update passwords
- Enable two-factor authentication
- Avoid reusing passwords across multiple accounts
- Watch out for suspicious calls or emails posing as IT support
Google also revealed that while many Gmail accounts already use strong passwords, far fewer users change them regularly, leaving gaps for attackers to exploit.
Why this warning matters
This isn’t just about one breach. With Gmail tied to billions of accounts, even small vulnerabilities can have enormous consequences. By weaponizing Salesforce data, groups like ShinyHunters can launch targeted scams that bypass traditional security measures.
For users, the message is clear: vigilance is no longer optional. If your inbox is your digital front door, now’s the time to reinforce the locks.