Google urges Gmail users to reset passwords after major hacking threat

Google has issued an urgent warning to its 2.5 billion Gmail users after detecting widespread hacking attempts that resulted in what the company calls “successful intrusions.”

The tech giant is advising account holders to immediately update their passwords, enable two-factor authentication (2FA), and stay alert for suspicious login activity.

How Hackers Gained Access

Cybercriminals reportedly used phishing emails that redirected victims to fake sign-in pages, while others tricked users into revealing their two-factor authentication codes. These methods allowed hackers to bypass standard password protections.

Despite Google’s push for stronger credentials, data shows only one-third of Gmail users regularly refresh their passwords, leaving millions vulnerable.

Recent Breaches Raise Concerns

In addition to Gmail accounts, Google recently disclosed a Salesforce database breach where attackers posed as IT staff in “social engineering” scams. This technique proved highly effective in deceiving employees and could pave the way for more damaging attacks.

Google has linked the activity to a hacking group known as ShinyHunters, notorious for cyberattacks on major corporations such as AT&T, Microsoft, Santander, and Ticketmaster. The group is now rumored to be preparing a data leak site to escalate extortion attempts.

What Users Should Do

Change passwords immediately and avoid reusing old ones

Activate two-factor authentication (2FA) for extra protection

Monitor Gmail accounts for unusual activity or login alerts

Be cautious with emails that request sensitive information

Google confirmed that all affected users were notified via email earlier this month and emphasized that quick action is crucial to safeguarding accounts.

This warning serves as a reminder that even with advanced security systems, human error and outdated passwords remain the biggest risks in cybersecurity.