Google urges 2.5 billion Gmail users to reset passwords after surge in hacker attacks

Google has issued a sweeping security advisory to its 2.5 billion Gmail users, urging them to update their passwords and enable two-factor authentication (2FA) following a rise in “successful intrusions” by hackers.

The company said attackers are increasingly relying on phishing campaigns and fake sign-in pages to steal login credentials, as well as tricking users into sharing their 2FA codes.

Read more: Thousands of Grok chats now visible on Google search

While the majority of Gmail users maintain strong and unique passwords, only about one-third regularly update them, according to Google data. The company has asked users to remain vigilant for suspicious activity, flag unusual login attempts, and adopt additional layers of protection such as 2FA.

The fresh warning comes against the backdrop of recent breaches tied to Google’s Salesforce database.

Read more: Disney data leak: Hackers claim to have leaked alleged internal comms of media giant

In June, the company revealed that threat actors had posed as IT support staff in highly targeted social engineering schemes. While that breach primarily exposed publicly available information like business contact details, Google cautioned that the same methods could be used in more damaging attacks.

Google has reportedly linked some of the activity to the hacking group “ShinyHunters,” which it believes may be preparing to escalate extortion tactics by launching a dedicated data leak site.

All users impacted by the Salesforce-related breach were notified via email on August 8. Google reiterated that staying ahead of evolving cyber threats requires both corporate safeguards and user-level precautions.

Read more: Microsoft tops charts as hackers' favourite brand for phishing attempts

With over 2.5 billion active accounts worldwide, Gmail remains the world’s most widely used email service, making it an attractive target for hackers seeking to exploit personal and business data.