In a short statement posted on its Keyword blog on September 1, Google addressed online chatter suggesting that Gmail accounts had been widely compromised. While avoiding specifics, the unsigned email assured users that there had not been a "mass warning to all Gmail users" or widespread hack. Rather, Google emphasized that it can stop over 99.9% of phishing and malware efforts and reminded users to use passkeys instead of regular passwords.
The company’s response follows mounting speculation on social media and in some press outlets that a hacking group known as ShinyHunters had gained large-scale access to Gmail user data. While a handful of phishing reports have surfaced on Reddit—and appear credible—the bulk of the noise seems to stem from journalists linking Google’s blog post to the Salesforce breach disclosed earlier this summer, rather than any new Gmail compromise.
Google previously updated its Threat Intelligence blog on August 8 to clarify that it had notified all accounts actually impacted by the Salesforce incident. Those alerts, however, did not extend to Gmail’s 2.5 billion active users. The company said notifications began and ended on the same day, August 8, targeting only directly affected customers.
For now, there’s no indication that the recent phishing attempts reported online are tied to a new Gmail intrusion. Reddit users have reported receiving frequent phone calls from the 650 area code in California and receiving strange inbox notifications from "mailer daemon" accounts, however these seem to be typical phishing techniques rather than indicators of a larger breach.
As always, Google reminds users not to click on unexpected links in their Gmail accounts and never to share login credentials over the phone.
Posts
0 Comments