If you’re on Gmail, you might want to hear this. More than 2.5 billion accounts could be affected by what’s being called one of Google’s largest data breaches to date. The perpetrators belong to the hacker collective ShinyHunters, a name that’s become all too familiar in the cybersecurity world.
It was social engineering at its simplest. Back in June 2025, scammers impersonated Google IT staff, placed some convincing phone calls, and tricked an employee into approving a malicious Salesforce app. That single approval unlocked access to Google’s Salesforce-managed database, letting attackers quietly siphon off contact details, company names, and internal notes.
Google insists no passwords were stolen. But the stolen data is already fueling a surge of phishing campaigns. Users are reporting fake emails, spoofed calls, and scam texts designed to trick them into handing over verification codes or resetting passwords.
Passwords may be safe (for now), but this leak still opens doors. With personal and business data in hand, scammers can impersonate Google staff, pressure people into giving up credentials, or brute-force accounts with weak logins like 123456. The risks can range from full account takeovers, locked-out Gmail accounts, and lost photos to compromised business systems and even exposed financial details.
Google began alerting affected users on August 8, describing the leaked data as “largely public.” But security pros warn even “basic” details can fuel highly targeted scams. From Gmail OAuth scams to the Google+ API leaks, history shows hackers don’t need your password to cause chaos.
As for ShinyHunters, they’re known for breaching companies, sitting on stolen data, then resurfacing months later with extortion threats. Word is, they may soon escalate by launching their own leak site.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.