Redazione RHC : 30 August 2025 10:39
On August 30, 2025, Google issued a critical security advisory concerning its popular Gmail service, impacting approximately 2.5 billion users globally. This alert follows a significant data breach involving a third-party Salesforce-based application utilized by the company, prompting heightened vigilance among users to enhance account security.
The breach, which took place in June 2025, has raised alarms regarding sophisticated phishing schemes that could potentially affect vast numbers of Gmail users. Alphabet’s timely warning is part of its efforts to combat a widespread issue where users frequently neglect to update their passwords. Recent analysis indicates that only one-third of users routinely change their credentials, leaving numerous accounts vulnerable, particularly those without multifactor authentication (MFA).
The incident was linked to a cybercriminal group known as UNC6040, or more frequently referenced by its extortion alias, ShinyHunters. This faction exploited a Salesforce enterprise platform to acquire sensitive information from small and medium-sized businesses, accessing user data stored within its system.
Attackers effectively employed a tactic referred to as voice phishing, or “vishing,” to initiate the breach. By impersonating IT support personnel over the phone, they successfully manipulated an employee into granting unauthorized access to internal systems. Through this compromised entry, they retrieved limited data that primarily consisted of basic company details, which was largely already publicly accessible, such as business names and contact information.
Although the data breached is not deemed particularly sensitive, experts warn that it could serve as a valuable resource for launching realistic phishing and vishing attacks. Google reassured users that no customer products or sensitive data, including passwords or financial details, were compromised during this incident.
Criminals often leverage news of breaches to craft convincing scams aimed at duping individuals into disclosing personal login information or two-step verification codes. Following the exposure of data, such groups, including ShinyHunters, are known to intensify their tactics through direct extortion, increasing psychological pressure on unsuspecting victims. The attackers managed to exfiltrate data before their access was detected and terminated by Google’s security teams. ShinyHunters has gained notoriety for previous data leaks affecting other notable corporations like Adidas and Cisco.
On August 5, Google released detailed information about the incident and the actions taken by UNC6040. Following this disclosure, on August 8, the company confirmed that it had completed notifying all parties potentially affected by the breach. Given the heightened risk of further cyber-attacks, it is imperative for all Gmail users to maintain a proactive stance and consider implementing robust security measures.
Users are strongly encouraged to update their passwords, activate multifactor authentication, and remain cautious of unsolicited communications requesting sensitive information.
RedazioneThe editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
