Hackers from the group ShinyHunters infiltrated Google’s Salesforce database, triggering the Gmail data breach 2025. As a result, over 2.5 billion Gmail users face heightened security threats, including phishing campaigns and scam attempts. Although no passwords were leaked, cybersecurity experts warn that criminals may exploit leaked data to target victims.
Gmail Data Breach 2025: What We Know So Far
ShinyHunters accessed sensitive Gmail related records stored on Salesforce servers. Investigators say the attack exposed: Contact details, Metadata, partial account identifiers
In addition, they found evidence of systematic probing of Google’s infrastructure, which may indicate future attacks.
Why It Matters
With 2.5 billion active Gmail accounts, this breach is one of the largest security incidentsin Google’s history. Although account credentials were not exposed, hackers can use the stolen data to: Send targeted phishing emails pretending to be Google, Launch vishing scams over phone calls, Steal personal or corporate data, Exploit leaked contact details for identity theft
Who Are ShinyHunters?
ShinyHunters is a well-known hacker collective tied to breaches affecting Microsoft, AT&T, and other tech giants. They are notorious for leaking stolen data on dark web forums and have increasingly focused on attacking cloud services and CRM platforms to infiltrate corporate systems.
How to Protect Your Gmail Account
Google is urging all users to strengthen their account security. Here’s what you should do now: Enable Two-Factor Authentication (2FA): Adds an extra login step to block hackers, Avoid Clicking Suspicious Links: Always verify sender addresses and website URLs, Ignore Security Calls or Messages: Google will never call you to ask for passwords or codes, Join Google’s Advanced Protection Program: For high-risk users such as journalists and activists, Run Google’s Security Checkup: Review login history, connected apps, and devices ,Switch to Passkeys: A safer, password-free authentication method.
