People with Gmail accounts have been warned to change their passwords immediately after a huge data breach. Up to 2.5 billion users' data was reportedly exposed in June, giving hackers access to information such as contact details, company names and email addresses.
Google confirmed that no passwords were stolen during the incident, however, the information is still valuable to scammers. Criminals can attempt to convince users to reset their Gmail password through fake calls by impersonating a Google employee, to try and lock the user out of their account and get access to private files.
Even though it happened in June, Google started to notify affected customers on August 8 after acknowledging the incident on August 5.
It happened as a result of a hacking group, ShinyHunters, which managed to deceive a Google employee into revealing login credentials for a company system.
This gave them access to business files containing company names and customer contact information stored in Google's Salesforce database.
Cybersecurity expert James Knight told The Sun:"There's a huge increase in the hacking group trying to gain leverage on this.
"There's a lot of vishing - people calling, pretending to be from Google, text messages coming through in order to get people to log in, or get codes to log in."
He stressed: "If you do get a text message or a voice message from Google, don't trust it's from Google. Nine times out of 10, it's likely not."
Some hackersmay also try their luck by testing common passwords, such as "password", with the stolen email addresses.
He advised users to set up multi-factor authentication, which requires a code to be sent to their phone or email before they can log in.
Passkeys add another layer of protection because they rely on biometric data, such as fingerprint or face recognition, instead of passwords. Customers can also do a Google security checkup to identify the weakest points in their accounts.
At the time, Google confirmed the impacted data was a Salesforce instance "used to store contact information and related notes for small and medium businesses."
It added that the stolen data consisted of "basic and largely publicly available business information, such as business names and contact details."
You may also like
'They call me president of Europe': Donald Trump boasts from Oval Office, criminalises burning of US flag with new order | Watch
Meghan blushes as TV star cracks a cheeky joke in new With Love teaser
Traffic Diversion For Indore's Khajrana Ganesh Temple During Ganesh Utsav
US Open photographer at centre of Daniil Medvedev meltdown breaks silence
Ex-Premier League referee slams TWO decisions in Man Utd's controversial Fulham draw
