Google has issued a major warning to its 2.5 billion Gmail users worldwide, urging them to immediately update their passwords after a Salesforce-linked data breach exposed sensitive information to cybercriminals.
According to the company, the incident occurred in June 2025 when hackers exploited vulnerabilities in a third-party Salesforce system. Though Google says its own servers were not directly compromised, the breach has opened doors for sophisticated phishing campaigns, putting countless Gmail accounts at risk.
What Happened?
Hackers gained access to Salesforce data linked with Gmail workspace accounts.
Stolen information is being used to craft phishing emails that look identical to legitimate Google alerts.
Experts warn that millions of users could be tricked into giving away login credentials.
Google’s Advice to Users
Change your Gmail password immediately, especially if you’re still using an old one.
Enable two-factor authentication (2FA) to add an extra layer of security.
Stay cautious of suspicious links or pop-ups asking for login details.
Check your Google account activity for unknown logins.
Why It Matters
With Gmail being one of the most widely used email platforms, this breach has triggered global concern about data safety and online identity theft. Cybersecurity experts say attackers are increasingly targeting third-party systems to indirectly compromise tech giants like Google.
“Even if Gmail itself isn’t hacked, the ripple effect of such breaches can be devastating. Hackers use stolen data to impersonate trusted brands and launch large-scale scams,” a cybersecurity analyst noted.
Google has assured that it is working with Salesforce to tighten security and investigate the breach. Meanwhile, users are urged to act quickly to safeguard their accounts.