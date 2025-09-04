Technology by Jeroslyn JoVonn Google Warns Users To Reset Passwords Amid Spike In Phishing After Salesforce Breach The Salesforce data breach is putting Gmail users at risk, fueling a surge in email phishing scams.







Google is urging its 2.5 billion Gmail users to reset their passwords and stay alert for suspicious messages following a spike in phishing scams linked to the Salesforce data breach.

A Salesforce data breach by the hacker group ShinyHunters has put billions of Gmail users at risk of targeted phishing scams, Inc reported. While no Gmail passwords were stolen, attackers obtained business-related Gmail data, including contact lists, company affiliations, and email metadata, leading to a surge in phishing attempts.

Hackers are reportedly targeting Gmail users by impersonating Google, IT departments, and trusted vendors to steal login information. Some attacks use “vishing,” fraudulent calls from spoofed 650-area-code numbers that mimic Google’s corporate lines, or emails referencing employers, colleagues, and recent communications that would trick users into clicking malicious links or sharing sensitive data.

Once credentials are stolen, hackers can bypass security measures and take over accounts, causing major damage that often goes unnoticed until it’s too late.

“If you do not have a good password on your email, the rest of your life is pretty much wide open, because every single service out there does reset passwords by sending you an email,” said Cloudflare CEO Graham-Cummings. “So if I can compromise your email, I can compromise pretty much everything else you have.”

As a result, Google is urging users to adopt stronger protections, like passkeys and app-based two-factor authentication (2FA), which make it far harder for hackers to access accounts, even if a password is compromised.

Other tips include regularly resetting your Gmail password with something unique and complex, and avoiding password reuse across accounts. Be cautious of unsolicited messages. If you receive an email or call about account security, go directly to your Google Account dashboard rather than clicking links or sharing information.

Use Google’s Security Checkup to review connected devices, apps, and settings. Stay alert for unusual login attempts, unexpected password reset requests, or suspicious email activity, and act quickly to secure your account.

